CVE-2009-4568
https://notcve.org/view.php?id=CVE-2009-4568
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin anterior a 1.500 y Usermin anterior a 1.430, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/37648 http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 http://www.securityfocus.com/bid/37259 http://www.vupen.com/english/advisories/2009/3457 http://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5066
https://notcve.org/view.php?id=CVE-2007-5066
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL. Vulnerabilidad no especificada en Webmin versiones anteriores a 1.370 en Windows permite a usuarios remotos autenticados ejecutar comandos de su elección mediante un URL manipulado. • http://osvdb.org/40772 http://secunia.com/advisories/26885 http://www.securityfocus.com/bid/25773 http://www.securitytracker.com/id?1018731 http://www.vupen.com/english/advisories/2007/3243 http://www.webmin.com/security.html https://exchange.xforce.ibmcloud.com/vulnerabilities/36759 • CWE-20: Improper Input Validation •
CVE-2007-3156
https://notcve.org/view.php?id=CVE-2007-3156
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo pam_login.cgi en webmin versiones anteriores a 1.350 y Usermin versiones anteriores a 1.280, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) cid, (2) message o (3) question. NOTA: algunos de estos datos son obtenidos a partir de la información de terceros. • http://osvdb.org/36932 http://secunia.com/advisories/25580 http://secunia.com/advisories/25785 http://secunia.com/advisories/25956 http://security.gentoo.org/glsa/glsa-200707-05.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:135 http://www.securityfocus.com/bid/24381 http://www.vupen.com/english/advisories/2007/2117 http://www.webmin.com/changes-1.350.html http://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •