CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2014-3885
https://notcve.org/view.php?id=CVE-2014-3885
Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. Vulnerabilidad de XSS en Webmin anterior a 1.690 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. NOTA: esto podría solaparse con CVE-2014-3924. • http://jvn.jp/en/jp/JVN49974594/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 0CVE-2014-3886
https://notcve.org/view.php?id=CVE-2014-3886
Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. Vulnerabilidad de XSS en Webmin anterior a 1.690, cuando la comprobación de referenciadores está deshabilitada, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. NOTA: esto podría solaparse con CVE-2014-3924. • http://jvn.jp/en/jp/JVN02213197/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3924
https://notcve.org/view.php?id=CVE-2014-3924
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. Múltiples vulnerabilidades de XSS en Webmin anterior a 1.690 y Usermin anterior a 1.600 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con ventanas emergentes. • http://secunia.com/advisories/58917 http://secunia.com/advisories/58919 http://www.securityfocus.com/bid/67647 http://www.securityfocus.com/bid/67649 http://www.securitytracker.com/id/1030296 http://www.securitytracker.com/id/1030297 http://www.webmin.com/changes.html http://www.webmin.com/uchanges.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 2CVE-2014-0339
https://notcve.org/view.php?id=CVE-2014-0339
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter. Vulnerabilidad de XSS en view.cgi en Webmin anterior a 1.680 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro search. • http://seclists.org/fulldisclosure/2014/Mar/274 http://www-01.ibm.com/support/docview.wss?uid=swg21679713 http://www.kb.cert.org/vuls/id/381692 http://www.securityfocus.com/bid/66248 http://www.webmin.com/changes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 39EXPL: 0CVE-2012-4893
https://notcve.org/view.php?id=CVE-2012-4893
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en file/show.cgi en Webmin v1.590 y anteriores, permite a atacantes remotos secuestrar la autenticación de usaurios privilegiados para peticiones que (1) leen archivos o ejecutan comandos (2) tar, (3) zip, o (4) gzip, una cuestion diferente de CVE-2012-2982. • http://americaninfosec.com/research/index.html http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf http://www.kb.cert.org/vuls/id/788478 • CWE-352: Cross-Site Request Forgery (CSRF) •