3 matches found
Webmin < 1.860 Cross Site Scripting Vulnerability
According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.860. It is, therefore, affected by a cross site scripting vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108561; scriptversion"1.6";...
CVE-2017-15646
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload...
CVE-2017-15646
Webmin before 1.860 is affected by CVE-2017-15646: a stored XSS in the web-based File Manager download-from-remote-URL flow can lead to remote code execution via a crafted payload in a name="cmd" parameter. Remediation: upgrade Webmin to 1.860 or later (or apply vendor-provided fixes).