CVE-2017-9313
Webmin 1.840 Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
Múltiples vulnerabilidades de tipo cross-site-scripting (XSS) en Webmin anterior a la versión 1.850, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro sec en el archivo view_man.cgi, el parámetro referers en el archivo change_referers.cgi, o el parámetro name en el archivo save_user.cgi. NOTA: estos problemas no fueron corregidos en la versión 1.840.
Webmin version 1.840 suffers from a cross site scripting vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-30 CVE Reserved
- 2017-07-03 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99373 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038814 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://seclists.org/bugtraq/2017/Jul/3 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab | 2017-07-10 | |
| https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b | 2017-07-10 |
| URL | Date | SRC |
|---|---|---|
| http://www.webmin.com/changes.html | 2017-07-10 |