Description

Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed.

Related CPE's

a

webmin

usermin

Vulnerable

a

webmin

webmin

Vulnerable

References

https://jvn.jp/en/jp/JVN81442045/

Third Party Advisory

https://webmin.com/

Product

https://webmin.com/usermin/

Product

https://jvn.jp/en/jp/JVN81442045/

Third Party Advisory

https://webmin.com/

Product

https://webmin.com/usermin/

Product

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-07-10T05:15:03.177Z

1 year ago

Last modified

2025-10-08T14:54:02.857Z

5 months ago