XSS Vulnerability in Webmin and Usermin Affects Security and Data Integrity
CVE-2006-4542

Currently unrated

Key Information:

Vendor

Webmin

Status
Webmin
Usermin
Vendor
CVE Published:
5 September 2006

What is CVE-2006-4542?

Webmin and Usermin prior to specified versions fail to properly process URLs with null characters, which can be exploited by remote attackers. This flaw enables attackers to execute cross-site scripting (XSS), potentially read source code of CGI programs, enumerate directories, and may lead to unauthorized execution of programs, posing significant risks to users' systems.

References

http://jvn.jp/jp/JVN%2399776858/index.html
third-party-advisoryx_refsource_JVN
http://www.securityfocus.com/bid/19820
vdb-entryx_refsource_BID
http://secunia.com/advisories/22114
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.