Vigil@nce: Webmin, Usermin, Cross Site Scripting
December 2009 by Vigil@nce
An attacker can generate a Cross Site Scripting in Webmin and
Usermin.
– Severity: 2/4
– Consequences: client access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 11/12/2009
IMPACTED PRODUCTS
– Usermin
– Webmin
DESCRIPTION OF THE VULNERABILITY
A Cross Site Scripting was announced in Webmin and Usermin.
Technical details are unknown.
An attacker can thus create a Cross Site Scripting attack, in
order to execute Javascript code in the context of the web browser
of victim using the web site.
CHARACTERISTICS
– Identifiers: BID-37259, VIGILANCE-VUL-9276
– Url: http://vigilance.fr/vulnerability/Webmin-Usermin-Cross-Site-Scripting-9276