QwikSec

Security Database

CVE

CWE

Training

CVE-2017-5870

Published: May 23, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20170503 [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin

mailing-list

x_refsource_MLIST

https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.