Cross-Site Scripting Vulnerability in Webmin by Virtualmin
CVE-2008-0720

Currently unrated

Key Information:

Vendor: Webmin
Status: Usermin; Webmin
Vendor: CVE Published:; 12 February 2008

What is CVE-2008-0720?

A cross-site scripting (XSS) vulnerability exists in Webmin versions 1.370 and 1.390, as well as in Usermin versions 1.300 and 1.320. This flaw enables remote attackers to inject arbitrary HTML or web scripts into the application. The exploitation occurs through the search parameter in webmin_search.cgi, potentially impacting users who access components that allow search queries via a 'search box' or 'open file box'. As a result, attackers can execute unauthorized scripts in the context of the affected user's session, posing significant security risks.

References

http://www.securityfocus.com/archive/1/487678/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/28827

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/27662

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2008
Vulnerability Reserved
Feb 11, 2008