Webmin / Usermin Login Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Webmin/Usermin and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to Webmin version 0.970, Usermin version 0.910 or later. For updates refer to http://www.webmin.com/download.html

Insight

The flaw is due to improper validation of user-supplied input via the authentication page, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

Webmin version 0.96 Usermin version 0.90

References

http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html
http://xforce.iss.net/xforce/xfdb/9036

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-0756
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

aflog Cookie-Based Authentication Bypass Vulnerability
ALCASAR Remote Code Execution Vulnerability
A-A-S Application Access Server Multiple Vulnerabilities
A Really Simple Chat Multiple SQL Injection Vulnerabilities
4psa Voipnow Local File Inclusion Vulnerability

Take action and discover your vulnerabilities