Lucene search

[email protected]CVE-2014-3924

HistoryMay 30, 2014 - 2:55 p.m.

CVE-2014-3924

2014-05-3014:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3924

cross-site scripting

xss

webmin

usermin

security vulnerability

remote code injection

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.

CPENameOperatorVersion
webmin:webminwebminle1.680
webmin:userwinwebmin userwinle1.590

CPE	Name	Operator	Version
webmin:webmin	webmin	le	1.680
webmin:userwin	webmin userwin	le	1.590

References

secunia.com/advisories/58917

secunia.com/advisories/58919

www.securityfocus.com/bid/67647

www.securityfocus.com/bid/67649

www.securitytracker.com/id/1030296

www.securitytracker.com/id/1030297

www.webmin.com/changes.html

www.webmin.com/uchanges.html

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON

Related for CVE-2014-3924

prion4 cvelist4 cve3 nessus2