Webmin contains a cross-site scripting vulnerability

by George Chetcuti [Published on 15 April 2014 / Last Updated on 15 April 2014]

Webmin 1.670, and possibly earlier versions, contains a cross-site scripting vulnerability.

Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on.

A remote attacker that is able to trick a user in to visiting a specially crafted URL may be able to conduct a cross-site scripting attack. This attack may result in information leakage, privilege escalation, and/or denial of service.

Read the full security advisory here - http://www.kb.cert.org/vuls/id/381692

See Also

Review and Comments

* Required field

See Also

Featured Links