ViMbAdmin is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript code in multiple pages of the application.
CPE

Name | Operator | Version |
---|---|---|---|
opensolutions/vimbadmin | le | 3.0.15 |
www.openwall.com/lists/oss-security/2017/05/03/8
github.com/opensolutions/ViMbAdmin/blob/3.0.15/application/controllers/DomainController.php#L170
github.com/opensolutions/ViMbAdmin/blob/master/application/controllers/AliasController.php#L208
github.com/opensolutions/ViMbAdmin/blob/master/application/controllers/AuthController.php#L71
github.com/opensolutions/ViMbAdmin/blob/master/application/controllers/MailboxController.php#L223
sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/