Lucene search

K

[email protected]NVD:CVE-2007-3156

HistoryJun 11, 2007 - 10:30 p.m.

CVE-2007-3156

2007-06-1122:30:00

CWE-79

[email protected]

web.nvd.nist.gov

2

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.9%

Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

webminuserminRange≤1.280

OR

webminwebminRange≤1.340

References

osvdb.org/36932

secunia.com/advisories/25580

secunia.com/advisories/25785

secunia.com/advisories/25956

security.gentoo.org/glsa/glsa-200707-05.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:135

www.securityfocus.com/bid/24381

www.vupen.com/english/advisories/2007/2117

www.webmin.com/changes-1.350.html

www.webmin.com/security.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.9%

Related for NVD:CVE-2007-3156

freebsd1 nessus4 openvas6 securityvulns2 seebug1 prion1 cve1 gentoo1 cvelist1