Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HWebmin
APPWebmin1.973
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje
Powiązane podatności
CVE-2019-15107CRITICAL9.8⚠ KEVten sam produkt
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injecti...
CVE-2022-36446CRITICAL9.8ten sam produkt
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVE-2021-32157CRITICAL9.6ten sam produkt
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
CVE-2020-35769CRITICAL9.8ten sam produkt
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
CVE-2018-8712CRITICAL9.8ten sam produkt
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log ...