Lucene search
Veracode Vulnerability DatabaseVERACODE:4280HistoryMay 23, 2017 - 6:11 a.m.
Cross-site Scripting (XSS)
2017-05-2306:11:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
39.4%
vimbadmin is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary javascript code in multiple pages of the library.
| CPE | Name | Operator | Version |
|---|---|---|---|
| opensolutions/vimbadmin | le | 3.0.15 |
References
www.openwall.com/lists/oss-security/2017/05/03/8
github.com/opensolutions/ViMbAdmin/blob/3.0.15/application/controllers/DomainController.php#L170
github.com/opensolutions/ViMbAdmin/blob/master/application/controllers/AliasController.php#L208
github.com/opensolutions/ViMbAdmin/blob/master/application/controllers/AuthController.php#L71
github.com/opensolutions/ViMbAdmin/blob/master/application/controllers/MailboxController.php#L223
sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/
Related
packetstorm
packetstorm
ViMbAdmin 3.0.15 Cross Site Scripting
2017-05-05 00:00:00
cvelist
cvelist
CVE-2017-5870
2017-05-23 03:56:00
cve
cve
CVE-2017-5870
2017-05-23 04:29:01
osv
osv
ViMbAdmin Cross-site Scripting Vulnerabilities
2022-05-17 02:43:11
CVE-2017-5870
2017-05-23 04:29:01
nvd
nvd
CVE-2017-5870
2017-05-23 04:29:01
github
github
ViMbAdmin Cross-site Scripting Vulnerabilities
2022-05-17 02:43:11
prion
prion
Cross site scripting
2017-05-23 04:29:00
openvas
openvas
ViMbAdmin Multiple Vulnerabilities
2017-06-14 00:00:00