QwikSec

Security Database

CVE

CWE

Training

CVE-2017-9313

Published: Jul 4, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab

x_refsource_MISC

http://seclists.org/bugtraq/2017/Jul/3

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b

x_refsource_MISC

vdb-entry

x_refsource_BID

http://www.webmin.com/changes.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.