Opensolutions Vimbadmin vulnerabilities
2 known vulnerabilities affecting opensolutions/vimbadmin.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2017-6086 | P3 | HIGH | PoC | ≥ 0, ≤ 3.0.15 | 2022-05-17
CVE-2017-6086 [HIGH] CWE-352 ViMbAdmin CSRF Vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to
1. add an administrator user via a crafted POST request to `/application/controllers/DomainController.php`,
2. remove an administrator user via a crafted GET request to `/application/controllers/DomainContr
ghsa, osv
CVE-2017-5870 | P4 | MEDIUM | ≥ 0, ≤ 3.0.15 | 2022-05-17
CVE-2017-5870 [MEDIUM] CWE-79 ViMbAdmin Cross-site Scripting Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/; the (4) goto parameter to alias/add/did/; or the (5) captchatext parameter to auth/lost-password.
ghsa, osv