PT-2024-5727 · Webmin+2

Hibiki Moriyama · Published 2024-07-09 · Updated 2025-10-08 · CVE-2024-36453

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Webmin versions prior to 1.970
Usermin versions prior to 1.820

Description

A cross-site scripting issue exists due to inadequate protection of the webpage structure in the session_login.cgi script of Webmin and Usermin. A remote attacker can exploit it to conduct cross-site scripting attacks using a specially crafted link, potentially allowing an arbitrary script to be executed in the user's web browser, altering webpages or disclosing sensitive information such as credentials.

Recommendations

For Webmin versions prior to 1.970, update to version 1.970 or later to resolve the issue.
For Usermin versions prior to 1.820, update to version 1.820 or later to resolve the issue.
As a temporary workaround, consider restricting access to the session_login.cgi script until a patch is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-06440
CVE-2024-36453

Affected Products

Red Os
Usermin
Webmin