PT-2024-5589 · Webmin+1
Toshitsugu Yoneyama · Published 2024-07-09 · Updated 2024-09-17 · CVE-2024-36450
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Webmin versions prior to 1.910
Description
A cross-site scripting vulnerability exists in sysinfo.cgi of Webmin. If this issue is exploited, an arbitrary script may be executed in the web browser of a user who accesses the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.
Recommendations
For Webmin versions prior to 1.910, update to version 1.910 or later to resolve the issue. As a temporary workaround, consider restricting access to the sysinfo.cgi script until a patch is applied.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Red Os
Webmin