Page 2 of 11 results (0.038 seconds)

CVSS: 4.3EPSS: 0%CPEs: 115EXPL: 0

Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin anterior a 1.500 y Usermin anterior a 1.430, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/37648 http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 http://www.securityfocus.com/bid/37259 http://www.vupen.com/english/advisories/2009/3457 http://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo pam_login.cgi en webmin versiones anteriores a 1.350 y Usermin versiones anteriores a 1.280, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) cid, (2) message o (3) question. NOTA: algunos de estos datos son obtenidos a partir de la información de terceros. • http://osvdb.org/36932 http://secunia.com/advisories/25580 http://secunia.com/advisories/25785 http://secunia.com/advisories/25956 http://security.gentoo.org/glsa/glsa-200707-05.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:135 http://www.securityfocus.com/bid/24381 http://www.vupen.com/english/advisories/2007/2117 http://www.webmin.com/changes-1.350.html http://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo chooser.cgi en Webmin versiones anteriores a 1.330 y Usermin versiones anteriores a 1.260, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un nombre de archivo diseñado. • http://osvdb.org/33832 http://secunia.com/advisories/24321 http://www.securitytracker.com/id?1017711 http://www.vupen.com/english/advisories/2007/0780 http://www.webmin.com/changes-1.330.html http://www.webmin.com/security.html https://exchange.xforce.ibmcloud.com/vulnerabilities/32725 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 3.6EPSS: 0%CPEs: 32EXPL: 0

Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user. Usermin anterior a 1.220 (20060629) permite a atacantes remotos leer ficheros de su elección, posiblemente relacionado con que chfn/save.cgi no está manejando adecuadamente un parámetro shell vacío, lo cual provoca un cambio al shell de root en vez de al shell del usuario especificado. • http://secunia.com/advisories/21968 http://secunia.com/advisories/21981 http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894 http://www.debian.org/security/2006/dsa-1177 http://www.osreviews.net/reviews/admin/usermin http://www.securityfocus.com/bid/18574 http://www.vupen.com/english/advisories/2006/3668 http://www.webmin.com/uchanges.html https://exchange.xforce.ibmcloud.com/vulnerabilities/29010 •

CVSS: 6.8EPSS: 2%CPEs: 92EXPL: 0

Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. Webmin anterior a 1.296 y Usermin anterior a 1.226 no dirigidas adecuadamente una URL con un caracter nulo ("%00"), lo cual permite a un atacante remoto dirigir una secuencia de comandos de sitios cruzados (XSS), leer el código fuente del programa CGI, lista de directorios, y posiblemente ejecutar programas. • http://jvn.jp/jp/JVN%2399776858/index.html http://secunia.com/advisories/21690 http://secunia.com/advisories/22087 http://secunia.com/advisories/22114 http://secunia.com/advisories/22556 http://securitytracker.com/id?1016776 http://securitytracker.com/id?1016777 http://webmin.com/security.html http://www.debian.org/security/2006/dsa-1199 http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •