CVE-2011-1937

Published: May 31, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability

mailing-list

x_refsource_MLIST

http://www.youtube.com/watch?v=CUO7JLIGUf0

x_refsource_MISC

1025438

vdb-entry

x_refsource_SECTRACK

20110424 XSS in Webmin 1.540 + exploit for privilege escalation

mailing-list

x_refsource_BUGTRAQ

https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881

x_refsource_CONFIRM

[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability

mailing-list

x_refsource_MLIST

MDVSA-2011:109

vendor-advisory

x_refsource_MANDRIVA

8264

third-party-advisory

x_refsource_SREASON

http://javierb.com.ar/2011/04/24/xss-webmin-1-540/

x_refsource_MISC

47558

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-1937

Description

Affected Products

References