PT-2019-9756 · Webmin · Webmin
Published: 2019-03-17 · Updated: 2019-03-21
CVE-2018-19191
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Webmin version 1.890
Description
The issue concerns an XSS vulnerability. It can be exploited via several API endpoints, including "/config.cgi?webmin", the history parameter in "/shell/index.cgi", the "/shell/index.cgi?stripped=1" endpoint, or the uall or mall parameters in "/webminlog/search.cgi".
Recommendations
For Webmin version 1.890, consider disabling access to the vulnerable API endpoints, such as "/config.cgi?webmin", "/shell/index.cgi", and "/webminlog/search.cgi", until a patch is available. Avoid using the history, uall, and mall parameters in the affected endpoints to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Webmin
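To check whether the endpoints and parameters named in the description and recommendations above are being requested, an access log can be audited as in the following added example, which is not part of the original advisory or of Webmin. It assumes a Common Log Format request field; the function names, the metacharacter heuristic and the sample log lines are constructed for illustration, and parameters sent in a POST body will not appear in such a log.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoints and parameters named in the advisory; None means "inspect the whole query".
AFFECTED = {
    "/config.cgi": None,
    "/shell/index.cgi": {"history", "stripped"},
    "/webminlog/search.cgi": {"uall", "mall"},
}
# HTML metacharacters that mark a value for closer inspection (heuristic chosen for this example).
MARKUP = re.compile(r"[<>\"']")
# Request field of a Common Log Format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return (path, verdict) when a log line hits an affected endpoint, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path not in AFFECTED:
        return None
    watched = AFFECTED[url.path]
    if watched is None:
        values = [unquote_plus(url.query)] if url.query else []
    else:
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        values = [v for name in watched for v in params.get(name, [])]
    if not values:
        return None  # endpoint requested without the parameters of interest
    verdict = "markup" if any(MARKUP.search(v) for v in values) else "review"
    return (url.path, verdict)

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation addresses, harmless values).
SAMPLE_LOG = [
    '192.0.2.10 - admin [17/Mar/2019:10:00:01 +0000] "GET /webminlog/search.cgi?uall=1&mall=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - admin [17/Mar/2019:10:00:05 +0000] "GET /shell/index.cgi?history=%3Cb%3Els%3C%2Fb%3E HTTP/1.1" 200 2048',
    '192.0.2.10 - admin [17/Mar/2019:10:00:09 +0000] "GET /config.cgi?webmin HTTP/1.1" 200 9000',
    '192.0.2.12 - - [17/Mar/2019:10:00:12 +0000] "GET /sysinfo.cgi HTTP/1.1" 200 100',
    '192.0.2.10 - admin [17/Mar/2019:10:00:15 +0000] "GET /shell/index.cgi HTTP/1.1" 200 1500',
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:7} {path}")
```

A "markup" verdict means a watched value decoded to HTML metacharacters and deserves a closer look; "review" only records that an affected endpoint was called with the listed parameters.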