ViMbAdmin Cross-site Scripting Vulnerabilities

2022-05-1702:43:11

Google

osv.dev

vimbadmin

cross-site scripting

xss

remote attackers

web script injection

html injection

domain parameter

transport parameter

name parameter

goto parameter

captchatext parameter

lost-password parameter

security vulnerability

software

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

39.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.

CPENameOperatorVersion
opensolutions/vimbadmineq3.0.15
opensolutions/vimbadmineq3.0.12
opensolutions/vimbadmineq3.0.11
opensolutions/vimbadmineq3.0.0
opensolutions/vimbadmineq3.0.10
opensolutions/vimbadmineq3.0.1
opensolutions/vimbadmineq3.0.14
opensolutions/vimbadmineq3.0.5
opensolutions/vimbadmineq3.0.8
opensolutions/vimbadmineq3.0.9

Name	Operator	Version
opensolutions/vimbadmin	eq	3.0.15
opensolutions/vimbadmin	eq	3.0.12
opensolutions/vimbadmin	eq	3.0.11
opensolutions/vimbadmin	eq	3.0.0
opensolutions/vimbadmin	eq	3.0.10
opensolutions/vimbadmin	eq	3.0.1
opensolutions/vimbadmin	eq	3.0.14
opensolutions/vimbadmin	eq	3.0.5
opensolutions/vimbadmin	eq	3.0.8
opensolutions/vimbadmin	eq	3.0.9