15 matches found
cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...
EUVD-2023-42130
Malicious code in bioql PyPI...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
Webmin < 2.100 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.100. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability exists in the Users Real name parameter. - A Cross-Site Scripting XSS vulnerability exists in...
Malicious code in logs-viewer (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6978 Malicious code in logs-viewer (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
Cross site scripting
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
CVE-2023-38311
CVE-2023-38311 affects Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability exists in the System Logs Viewer functionality, allowing an attacker to store a malicious payload in the configuration field, triggering payload execution when saving the configuration or when accessing the Sys...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
PT-2023-4157 · Webmin · Webmin
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: A Stored Cross-Site Scripting XSS issue was discovered in the System Logs Viewer functionality. This allows an attacker to store a malicious payload in the configuration field, which triggers the execution of...
w3ml cross-site scripting vulnerability
Overview w3ml, a program used to display mailing list logs on the web site, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser which may allow an attacker to steal cookie information. Solution None...