CVE-2006-4542
Severity Score
6.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
Webmin anterior a 1.296 y Usermin anterior a 1.226 no dirigidas adecuadamente una URL con un caracter nulo ("%00"), lo cual permite a un atacante remoto dirigir una secuencia de comandos de sitios cruzados (XSS), leer el código fuente del programa CGI, lista de directorios, y posiblemente ejecutar programas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-09-05 CVE Reserved
- 2006-09-05 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/22087 | Third Party Advisory | |
| http://secunia.com/advisories/22114 | Third Party Advisory | |
| http://secunia.com/advisories/22556 | Third Party Advisory | |
| http://securitytracker.com/id?1016776 | Vdb Entry | |
| http://securitytracker.com/id?1016777 | Vdb Entry | |
| http://www.osvdb.org/28337 | Vdb Entry | |
| http://www.osvdb.org/28338 | Vdb Entry | |
| http://www.securityfocus.com/bid/19820 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28699 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://jvn.jp/jp/JVN%2399776858/index.html | 2017-07-20 | |
| http://secunia.com/advisories/21690 | 2017-07-20 | |
| http://webmin.com/security.html | 2017-07-20 | |
| http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html | 2017-07-20 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2006/dsa-1199 | 2017-07-20 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 | 2017-07-20 | |
| http://www.vupen.com/english/advisories/2006/3424 | 2017-07-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | <= 1.220 Search vendor "Usermin" for product "Usermin" and version " <= 1.220" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.4 Search vendor "Usermin" for product "Usermin" and version "0.4" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.5 Search vendor "Usermin" for product "Usermin" and version "0.5" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.6 Search vendor "Usermin" for product "Usermin" and version "0.6" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.7 Search vendor "Usermin" for product "Usermin" and version "0.7" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.8 Search vendor "Usermin" for product "Usermin" and version "0.8" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.9 Search vendor "Usermin" for product "Usermin" and version "0.9" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.91 Search vendor "Usermin" for product "Usermin" and version "0.91" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.92 Search vendor "Usermin" for product "Usermin" and version "0.92" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.93 Search vendor "Usermin" for product "Usermin" and version "0.93" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.94 Search vendor "Usermin" for product "Usermin" and version "0.94" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.95 Search vendor "Usermin" for product "Usermin" and version "0.95" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.96 Search vendor "Usermin" for product "Usermin" and version "0.96" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.97 Search vendor "Usermin" for product "Usermin" and version "0.97" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.98 Search vendor "Usermin" for product "Usermin" and version "0.98" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.99 Search vendor "Usermin" for product "Usermin" and version "0.99" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.000 Search vendor "Usermin" for product "Usermin" and version "1.000" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.010 Search vendor "Usermin" for product "Usermin" and version "1.010" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.020 Search vendor "Usermin" for product "Usermin" and version "1.020" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.030 Search vendor "Usermin" for product "Usermin" and version "1.030" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.040 Search vendor "Usermin" for product "Usermin" and version "1.040" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.051 Search vendor "Usermin" for product "Usermin" and version "1.051" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.060 Search vendor "Usermin" for product "Usermin" and version "1.060" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.070 Search vendor "Usermin" for product "Usermin" and version "1.070" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.080 Search vendor "Usermin" for product "Usermin" and version "1.080" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.090 Search vendor "Usermin" for product "Usermin" and version "1.090" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.100 Search vendor "Usermin" for product "Usermin" and version "1.100" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.110 Search vendor "Usermin" for product "Usermin" and version "1.110" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.120 Search vendor "Usermin" for product "Usermin" and version "1.120" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.130 Search vendor "Usermin" for product "Usermin" and version "1.130" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.140 Search vendor "Usermin" for product "Usermin" and version "1.140" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.150 Search vendor "Usermin" for product "Usermin" and version "1.150" | - |
Affected
| ||||||
| Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 1.210 Search vendor "Usermin" for product "Usermin" and version "1.210" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | <= 1.2.90 Search vendor "Webmin" for product "Webmin" and version " <= 1.2.90" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.1 Search vendor "Webmin" for product "Webmin" and version "0.1" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.2 Search vendor "Webmin" for product "Webmin" and version "0.2" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.3 Search vendor "Webmin" for product "Webmin" and version "0.3" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.4 Search vendor "Webmin" for product "Webmin" and version "0.4" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.5 Search vendor "Webmin" for product "Webmin" and version "0.5" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.6 Search vendor "Webmin" for product "Webmin" and version "0.6" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.7 Search vendor "Webmin" for product "Webmin" and version "0.7" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.21 Search vendor "Webmin" for product "Webmin" and version "0.21" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.22 Search vendor "Webmin" for product "Webmin" and version "0.22" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.31 Search vendor "Webmin" for product "Webmin" and version "0.31" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.41 Search vendor "Webmin" for product "Webmin" and version "0.41" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.42 Search vendor "Webmin" for product "Webmin" and version "0.42" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.51 Search vendor "Webmin" for product "Webmin" and version "0.51" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.76 Search vendor "Webmin" for product "Webmin" and version "0.76" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.77 Search vendor "Webmin" for product "Webmin" and version "0.77" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.78 Search vendor "Webmin" for product "Webmin" and version "0.78" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.79 Search vendor "Webmin" for product "Webmin" and version "0.79" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.80 Search vendor "Webmin" for product "Webmin" and version "0.80" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.83 Search vendor "Webmin" for product "Webmin" and version "0.83" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.84 Search vendor "Webmin" for product "Webmin" and version "0.84" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.85 Search vendor "Webmin" for product "Webmin" and version "0.85" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.88 Search vendor "Webmin" for product "Webmin" and version "0.88" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.90 Search vendor "Webmin" for product "Webmin" and version "0.90" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.91 Search vendor "Webmin" for product "Webmin" and version "0.91" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.92 Search vendor "Webmin" for product "Webmin" and version "0.92" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.92.1 Search vendor "Webmin" for product "Webmin" and version "0.92.1" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.93 Search vendor "Webmin" for product "Webmin" and version "0.93" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.94 Search vendor "Webmin" for product "Webmin" and version "0.94" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.95 Search vendor "Webmin" for product "Webmin" and version "0.95" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.96 Search vendor "Webmin" for product "Webmin" and version "0.96" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.97 Search vendor "Webmin" for product "Webmin" and version "0.97" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.98 Search vendor "Webmin" for product "Webmin" and version "0.98" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.99 Search vendor "Webmin" for product "Webmin" and version "0.99" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.00 Search vendor "Webmin" for product "Webmin" and version "1.0.00" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.10 Search vendor "Webmin" for product "Webmin" and version "1.0.10" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.20 Search vendor "Webmin" for product "Webmin" and version "1.0.20" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.30 Search vendor "Webmin" for product "Webmin" and version "1.0.30" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.40 Search vendor "Webmin" for product "Webmin" and version "1.0.40" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.50 Search vendor "Webmin" for product "Webmin" and version "1.0.50" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.51 Search vendor "Webmin" for product "Webmin" and version "1.0.51" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.60 Search vendor "Webmin" for product "Webmin" and version "1.0.60" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.70 Search vendor "Webmin" for product "Webmin" and version "1.0.70" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.80 Search vendor "Webmin" for product "Webmin" and version "1.0.80" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.0.90 Search vendor "Webmin" for product "Webmin" and version "1.0.90" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.1.00 Search vendor "Webmin" for product "Webmin" and version "1.1.00" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.1.10 Search vendor "Webmin" for product "Webmin" and version "1.1.10" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.1.20 Search vendor "Webmin" for product "Webmin" and version "1.1.20" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.1.21 Search vendor "Webmin" for product "Webmin" and version "1.1.21" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.1.30 Search vendor "Webmin" for product "Webmin" and version "1.1.30" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.1.40 Search vendor "Webmin" for product "Webmin" and version "1.1.40" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.1.50 Search vendor "Webmin" for product "Webmin" and version "1.1.50" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.2.20 Search vendor "Webmin" for product "Webmin" and version "1.2.20" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.2.30 Search vendor "Webmin" for product "Webmin" and version "1.2.30" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.2.40 Search vendor "Webmin" for product "Webmin" and version "1.2.40" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.2.50 Search vendor "Webmin" for product "Webmin" and version "1.2.50" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.2.60 Search vendor "Webmin" for product "Webmin" and version "1.2.60" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.2.70 Search vendor "Webmin" for product "Webmin" and version "1.2.70" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.2.80 Search vendor "Webmin" for product "Webmin" and version "1.2.80" | - |
Affected
| ||||||