VYPR

Packagist (Composer) package

opensolutions/vimbadmin

pkg:composer/opensolutions/vimbadmin

Vulnerabilities (2)

  • CVE-2017-6086HigJun 27, 2017
    affected <= 3.0.15

    Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directo

  • CVE-2017-5870MedMay 23, 2017
    affected <= 3.0.15

    Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/; the (4) goto parameter to alia