CVE-2024-36453

Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...

CVE-2024-36453

CVE-2024-36453 is a cross-site scripting vulnerability in Webmin’s session_login.cgi affecting Webmin before 1.970 and Usermin before 1.820. Exploitation can cause arbitrary JavaScript execution in the victim’s browser, potentially altering pages or exposing credentials. Red Hat and OSV/other fee...

CVE-2024-36451

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered,...

CVE-2024-36450

Webmin is affected by CVE-2024-36450 due to a cross-site scripting flaw in sysinfo.cgi present in Webmin versions prior to 1.910. Exploitation can cause arbitrary scripts to run in the victim’s browser, with potential session ID exposure, webpage alteration, or server disruption. The vulnerabilit...

JVN#30864198: ArsenoL vulnerable to cross-site scripting

ArsenoL provided by FlaFla... is software that can be downloaded from the Internet. ArsenoL is a dictionay software that is placed on a website used to post words and their meanings. ArsenoL contains a cross-site scripting vulnerability CWE-79 where an arbitrary script may be executed when the...