Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for vimbadmin by vimbadmin
CVE-2017-6086 (GCVE-0-2017-6086)
Vulnerability from nvd – Published: 2017-06-27 20:00 – Updated: 2024-08-05 15:18
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41967/ | exploitx_refsource_EXPLOIT-DB |
| http://www.openwall.com/lists/oss-security/2017/05/03/7 | mailing-listx_refsource_MLIST |
Date Public
2017-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41967/"
},
{
"name": "[oss-security] 20170503 [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/AliasController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41967/"
},
{
"name": "[oss-security] 20170503 [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/AliasController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41967",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41967/"
},
{
"name": "[oss-security] 20170503 [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6086",
"datePublished": "2017-06-27T20:00:00.000Z",
"dateReserved": "2017-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5870 (GCVE-0-2017-5870)
Vulnerability from nvd – Published: 2017-05-23 03:56 – Updated: 2024-08-05 15:11
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2017/05/03/8 | mailing-listx_refsource_MLIST |
| https://sysdream.com/news/lab/2017-05-03-cve-2017… | x_refsource_MISC |
Date Public
2017-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:49.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170503 [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/\u003cdomain id\u003e; the (4) goto parameter to alias/add/did/\u003cdomain id\u003e; or the (5) captchatext parameter to auth/lost-password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T01:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170503 [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/\u003cdomain id\u003e; the (4) goto parameter to alias/add/did/\u003cdomain id\u003e; or the (5) captchatext parameter to auth/lost-password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170503 [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/8"
},
{
"name": "https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5870",
"datePublished": "2017-05-23T03:56:00.000Z",
"dateReserved": "2017-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:11:49.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6086 (GCVE-0-2017-6086)
Vulnerability from cvelistv5 – Published: 2017-06-27 20:00 – Updated: 2024-08-05 15:18
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41967/ | exploitx_refsource_EXPLOIT-DB |
| http://www.openwall.com/lists/oss-security/2017/05/03/7 | mailing-listx_refsource_MLIST |
Date Public
2017-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41967/"
},
{
"name": "[oss-security] 20170503 [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/AliasController.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41967/"
},
{
"name": "[oss-security] 20170503 [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to \u003cvimbadmin directory\u003e/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to \u003cvimbadmin directory\u003e/application/controllers/AliasController.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41967",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41967/"
},
{
"name": "[oss-security] 20170503 [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6086",
"datePublished": "2017-06-27T20:00:00.000Z",
"dateReserved": "2017-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5870 (GCVE-0-2017-5870)
Vulnerability from cvelistv5 – Published: 2017-05-23 03:56 – Updated: 2024-08-05 15:11
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2017/05/03/8 | mailing-listx_refsource_MLIST |
| https://sysdream.com/news/lab/2017-05-03-cve-2017… | x_refsource_MISC |
Date Public
2017-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:49.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170503 [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/\u003cdomain id\u003e; the (4) goto parameter to alias/add/did/\u003cdomain id\u003e; or the (5) captchatext parameter to auth/lost-password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T01:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170503 [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/\u003cdomain id\u003e; the (4) goto parameter to alias/add/did/\u003cdomain id\u003e; or the (5) captchatext parameter to auth/lost-password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170503 [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/8"
},
{
"name": "https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5870",
"datePublished": "2017-05-23T03:56:00.000Z",
"dateReserved": "2017-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:11:49.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}