CVE-2017-5870
published 2017-05-23
Priority: P423 · medium · 5.4 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.01% (58.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/; the (4) goto parameter to alias/add/did/; or the (5) captchatext parameter to auth/lost-password.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensolutions | vimbadmin | 0 – 3.0.15 | — |
| vimbadmin | vimbadmin | — | — |
CVSS provenance
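| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |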
GHSA
ViMbAdmin Cross-site Scripting Vulnerabilities
ghsa·2022-05-17
CVE-2017-5870 [MEDIUM] CWE-79 ViMbAdmin Cross-site Scripting Vulnerabilities
OSV
ViMbAdmin Cross-site Scripting Vulnerabilities
osv·2022-05-17
CVE-2017-5870 [MEDIUM] ViMbAdmin Cross-site Scripting Vulnerabilities
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2017/05/03/8
https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/
Published: 2017-05-23