Published:2017/02/09 Last Updated:2017/02/09
JVN#34207650
Multiple cross-site scripting vulnerabilities in Webmin
Overview
Webmin contains multiple cross-site scripting vulnerabilities.
Products Affected
- Webmin versions prior to 1.830
Description
Webmin contains multiple cross-site scripting vulnerabilities (CWE-79) due to issues in outputting error messages into a HTML page and the function to edit the database.
Impact
An arbitrary script may be executed on the user's web browser.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
Webmin | Strip out unsafe HTML from error messages |
Downloads |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score:
6.1
CVSS v2
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score:
4.3
Credit
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2017-2106 |
JVN iPedia |
JVNDB-2017-000022 |
Update History
- 2017/02/09
- Fixed link for JVN iPedia under Other Information