CVE-2011-1937
Severity Score
5.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin 1.540 y versiones anteriores permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de un comando chfn que modifica el campo real (Full Name). Relacionado con useradmin/index.cgi y useradmin/user-lib.pl.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-05-09 CVE Reserved
- 2011-05-31 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2011/05/22/1 | Mailing List | |
| http://securityreason.com/securityalert/8264 | Third Party Advisory | |
| http://www.securityfocus.com/bid/47558 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://javierb.com.ar/2011/04/24/xss-webmin-1-540 | 2024-08-06 | |
| http://openwall.com/lists/oss-security/2011/05/24/7 | 2024-08-06 | |
| http://securitytracker.com/id?1025438 | 2024-08-06 | |
| http://www.securityfocus.com/archive/1/517658 | 2024-08-06 | |
| http://www.youtube.com/watch?v=CUO7JLIGUf0 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881 | 2011-09-22 |
| URL | Date | SRC |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:109 | 2011-09-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | <= 1.540 Search vendor "Webmin" for product "Webmin" and version " <= 1.540" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.75 Search vendor "Webmin" for product "Webmin" and version "0.75" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.76 Search vendor "Webmin" for product "Webmin" and version "0.76" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.77 Search vendor "Webmin" for product "Webmin" and version "0.77" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.78 Search vendor "Webmin" for product "Webmin" and version "0.78" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.79 Search vendor "Webmin" for product "Webmin" and version "0.79" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.80 Search vendor "Webmin" for product "Webmin" and version "0.80" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.81 Search vendor "Webmin" for product "Webmin" and version "0.81" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.82 Search vendor "Webmin" for product "Webmin" and version "0.82" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.83 Search vendor "Webmin" for product "Webmin" and version "0.83" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.84 Search vendor "Webmin" for product "Webmin" and version "0.84" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.85 Search vendor "Webmin" for product "Webmin" and version "0.85" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.86 Search vendor "Webmin" for product "Webmin" and version "0.86" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.87 Search vendor "Webmin" for product "Webmin" and version "0.87" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.88 Search vendor "Webmin" for product "Webmin" and version "0.88" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.91 Search vendor "Webmin" for product "Webmin" and version "0.91" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.92 Search vendor "Webmin" for product "Webmin" and version "0.92" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.93 Search vendor "Webmin" for product "Webmin" and version "0.93" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.94 Search vendor "Webmin" for product "Webmin" and version "0.94" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.950 Search vendor "Webmin" for product "Webmin" and version "0.950" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.960 Search vendor "Webmin" for product "Webmin" and version "0.960" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.970 Search vendor "Webmin" for product "Webmin" and version "0.970" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.980 Search vendor "Webmin" for product "Webmin" and version "0.980" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.990 Search vendor "Webmin" for product "Webmin" and version "0.990" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.000 Search vendor "Webmin" for product "Webmin" and version "1.000" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.010 Search vendor "Webmin" for product "Webmin" and version "1.010" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.020 Search vendor "Webmin" for product "Webmin" and version "1.020" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.030 Search vendor "Webmin" for product "Webmin" and version "1.030" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.040 Search vendor "Webmin" for product "Webmin" and version "1.040" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.050 Search vendor "Webmin" for product "Webmin" and version "1.050" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.060 Search vendor "Webmin" for product "Webmin" and version "1.060" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.070 Search vendor "Webmin" for product "Webmin" and version "1.070" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.080 Search vendor "Webmin" for product "Webmin" and version "1.080" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.090 Search vendor "Webmin" for product "Webmin" and version "1.090" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.100 Search vendor "Webmin" for product "Webmin" and version "1.100" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.110 Search vendor "Webmin" for product "Webmin" and version "1.110" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.121 Search vendor "Webmin" for product "Webmin" and version "1.121" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.130 Search vendor "Webmin" for product "Webmin" and version "1.130" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.140 Search vendor "Webmin" for product "Webmin" and version "1.140" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.150 Search vendor "Webmin" for product "Webmin" and version "1.150" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.160 Search vendor "Webmin" for product "Webmin" and version "1.160" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.170 Search vendor "Webmin" for product "Webmin" and version "1.170" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.180 Search vendor "Webmin" for product "Webmin" and version "1.180" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.190 Search vendor "Webmin" for product "Webmin" and version "1.190" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.200 Search vendor "Webmin" for product "Webmin" and version "1.200" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.210 Search vendor "Webmin" for product "Webmin" and version "1.210" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.220 Search vendor "Webmin" for product "Webmin" and version "1.220" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.230 Search vendor "Webmin" for product "Webmin" and version "1.230" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.240 Search vendor "Webmin" for product "Webmin" and version "1.240" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.250 Search vendor "Webmin" for product "Webmin" and version "1.250" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.260 Search vendor "Webmin" for product "Webmin" and version "1.260" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.270 Search vendor "Webmin" for product "Webmin" and version "1.270" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.280 Search vendor "Webmin" for product "Webmin" and version "1.280" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.290 Search vendor "Webmin" for product "Webmin" and version "1.290" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.300 Search vendor "Webmin" for product "Webmin" and version "1.300" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.310 Search vendor "Webmin" for product "Webmin" and version "1.310" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.320 Search vendor "Webmin" for product "Webmin" and version "1.320" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.330 Search vendor "Webmin" for product "Webmin" and version "1.330" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.340 Search vendor "Webmin" for product "Webmin" and version "1.340" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.350 Search vendor "Webmin" for product "Webmin" and version "1.350" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.360 Search vendor "Webmin" for product "Webmin" and version "1.360" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.370 Search vendor "Webmin" for product "Webmin" and version "1.370" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.380 Search vendor "Webmin" for product "Webmin" and version "1.380" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.390 Search vendor "Webmin" for product "Webmin" and version "1.390" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.400 Search vendor "Webmin" for product "Webmin" and version "1.400" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.410 Search vendor "Webmin" for product "Webmin" and version "1.410" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.420 Search vendor "Webmin" for product "Webmin" and version "1.420" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.430 Search vendor "Webmin" for product "Webmin" and version "1.430" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.440 Search vendor "Webmin" for product "Webmin" and version "1.440" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.441 Search vendor "Webmin" for product "Webmin" and version "1.441" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.450 Search vendor "Webmin" for product "Webmin" and version "1.450" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.460 Search vendor "Webmin" for product "Webmin" and version "1.460" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.470 Search vendor "Webmin" for product "Webmin" and version "1.470" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.480 Search vendor "Webmin" for product "Webmin" and version "1.480" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.490 Search vendor "Webmin" for product "Webmin" and version "1.490" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.500 Search vendor "Webmin" for product "Webmin" and version "1.500" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.510 Search vendor "Webmin" for product "Webmin" and version "1.510" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.520 Search vendor "Webmin" for product "Webmin" and version "1.520" | - |
Affected
| ||||||
| Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 1.530 Search vendor "Webmin" for product "Webmin" and version "1.530" | - |
Affected
| ||||||