Description

Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.

Related CPE's

a

webmin

webmin

Vulnerable

References

https://jvn.jp/en/jp/JVN81442045/

Third Party Advisory

https://webmin.com/

Product

https://jvn.jp/en/jp/JVN81442045/

Third Party Advisory

https://webmin.com/

Product

Weaknesses

[email protected]

Primary
CWE-79

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-07-10T05:15:02.893Z

1 year ago

Last modified

2025-03-13T14:15:44.973Z

11 months ago