Описание
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.280 (включая)Версия до 1.340 (включая)
Одно из
cpe:2.3:a:webmin:usermin:*:*:*:*:*:*:*:*
cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00859
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
debian
больше 18 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi i ...
github
больше 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.
EPSS
Процентиль: 74%
0.00859
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79