CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 29.6%
Multiple Webmin products contain multiple vulnerabilities listed below.
sysinfo.cgi is vulnerable to cross-site scripting (CWE-79). CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, Base Score 6.1, CVE-2024-36450
session_login.cgi is vulnerable to cross-site scripting (CWE-79). CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, Base Score 6.1, CVE-2024-36453
ajaxterm module is vulnerable to improper handling of insufficient permissions or privileges (CWE-280). CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, Base Score 8.8, CVE-2024-36451
ajaxterm module is vulnerable to cross-site request forgery (CWE-352). CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N, Base Score 3.1, CVE-2024-36452
Update the Software
Update the software to the latest version according to the information provided by the developer.
CVE-2024-36450
Webmin versions prior to 1.910
CVE-2024-36453
Webmin versions prior to 1.970
Usermin versions prior to 1.820
CVE-2024-36451, CVE-2024-36452
Webmin versions prior to 2.003