Medium severity5.4NVD Advisory· Published May 23, 2017· Updated May 13, 2026
CVE-2017-5870
CVE-2017-5870
Description
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
opensolutions/vimbadminPackagist | <= 3.0.15 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.openwall.com/lists/oss-security/2017/05/03/8nvdExploitMailing ListThird Party AdvisoryWEB
- sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadmin/nvdExploitThird Party Advisory
- github.com/advisories/GHSA-jj4j-cwgq-fx7gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-5870ghsaADVISORY
- web.archive.org/web/20201208133828/https://sysdream.com/news/lab/2017-05-03-cve-2017-5870-multiple-xss-vulnerabilities-in-vimbadminghsaWEB
News mentions
0No linked articles in our index yet.