All the vulnerabilites related to Webmin Project - Webmin
jvndb-2007-000730
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Webmin OS command injection vulnerability
Details
Webmin, a web-based system management tool, contains a vulnerability that allows an unauthorized Webmin user to execute OS commands.
Webmin is a web-based system management tool. Webmin for Windows contains a vulnerability that allows an unauthorized Webmin user to execute OS commands by entering a specially crafted URL.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Webmin Project | Webmin |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000730.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Webmin, a web-based system management tool, contains a vulnerability that allows an unauthorized Webmin user to execute OS commands.\r\n\r\nWebmin is a web-based system management tool. Webmin for Windows contains a vulnerability that allows an unauthorized Webmin user to execute OS commands by entering a specially crafted URL.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000730.html",
"sec:cpe": {
"#text": "cpe:/a:webmin:webmin",
"@product": "Webmin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000730",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN61208749/index.html",
"@id": "JVN#61208749",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5066",
"@id": "CVE-2007-5066",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5066",
"@id": "CVE-2007-5066",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/26885",
"@id": "SA26885",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/25773",
"@id": "25773",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36759",
"@id": "36759",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1018731",
"@id": "1018731",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3243",
"@id": "FrSIRT/ADV-2007-3243",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Webmin OS command injection vulnerability"
}
jvndb-2024-000059
Vulnerability from jvndb
Published
2024-07-09 14:27
Modified
2024-07-09 14:27
Severity ?
Summary
Multiple vulnerabilities in multiple Webmin products
Details
Multiple Webmin products contain multiple vulnerabilities listed below.
* sysinfo.cgi is vulnerable to cross-site scripting (CWE-79)
CVE-2024-36450
* session_login.cgi is vulnerable to cross-site scripting (CWE-79)
CVE-2024-36453
* ajaxterm module is vulnerable to improper handling of insufficient permissions or privileges (CWE-280)
CVE-2024-36451
* ajaxterm module is vulnerable to cross-site request forgery (CWE-352)
CVE-2024-36452
CVE-2024-36450, CVE-2024-36451, CVE-2024-36452
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-36453
hibiki moriyama of STNet, Incorporated reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN81442045/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-36450 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-36451 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-36452 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-36453 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Webmin Project | Usermin | |
| Webmin Project | Webmin | |
| Webmin Project | Webmin |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000059.html",
"dc:date": "2024-07-09T14:27+09:00",
"dcterms:issued": "2024-07-09T14:27+09:00",
"dcterms:modified": "2024-07-09T14:27+09:00",
"description": "Multiple Webmin products contain multiple vulnerabilities listed below.\r\n * sysinfo.cgi is vulnerable to cross-site scripting (CWE-79)\r\n CVE-2024-36450\r\n * session_login.cgi is vulnerable to cross-site scripting (CWE-79)\r\n CVE-2024-36453\r\n * ajaxterm module is vulnerable to improper handling of insufficient permissions or privileges (CWE-280)\r\n CVE-2024-36451\r\n * ajaxterm module is vulnerable to cross-site request forgery (CWE-352)\r\n CVE-2024-36452\r\n\r\nCVE-2024-36450, CVE-2024-36451, CVE-2024-36452\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-36453\r\nhibiki moriyama of STNet, Incorporated reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000059.html",
"sec:cpe": [
{
"#text": "cpe:/a:webmin:usermin",
"@product": "Usermin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:webmin:webmin",
"@product": "Webmin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:webmin:webmin",
"@product": "Webmin",
"@vendor": "Webmin Project",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000059",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN81442045/index.html",
"@id": "JVN#81442045",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36450",
"@id": "CVE-2024-36450",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36451",
"@id": "CVE-2024-36451",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36452",
"@id": "CVE-2024-36452",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36453",
"@id": "CVE-2024-36453",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in multiple Webmin products"
}
jvndb-2005-000537
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Webmin and Usermin authentication bypass vulnerability
Details
Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000537.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000537.html",
"sec:cpe": [
{
"#text": "cpe:/a:webmin:usermin",
"@product": "Usermin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:webmin:webmin",
"@product": "Webmin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000537",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN40940493/index.html",
"@id": "JVN#40940493",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3042",
"@id": "CVE-2005-3042",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3042",
"@id": "CVE-2005-3042",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/16858/",
"@id": "SA16858",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/14889",
"@id": "14889",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2005/1791",
"@id": "FrSIRT/ADV-2005-1791",
"@source": "FRSIRT"
}
],
"title": "Webmin and Usermin authentication bypass vulnerability"
}
jvndb-2006-000938
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Webmin directory traversal vulnerability
Details
Webmin is a web-based system management tool.
Webmin contains a directory traversal vulnerability which allows to bypass authentication.
As of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Webmin Project | Usermin | |
| Webmin Project | Webmin |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Webmin is a web-based system management tool.\r\nWebmin contains a directory traversal vulnerability which allows to bypass authentication.\r\n\r\nAs of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html",
"sec:cpe": [
{
"#text": "cpe:/a:webmin:usermin",
"@product": "Usermin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:webmin:webmin",
"@product": "Webmin",
"@vendor": "Webmin Project",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000938",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN67974490/index.html",
"@id": "JVN#67974490",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3274",
"@id": "CVE-2006-3274",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3274",
"@id": "CVE-2006-3274",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/20777",
"@id": "SA20777",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/18613",
"@id": "18613",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/27366",
"@id": "27366",
"@source": "XF"
},
{
"#text": "http://securitytracker.com/id?1016375",
"@id": "1016375",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/2493",
"@id": "FrSIRT/ADV-2006-2493",
"@source": "FRSIRT"
}
],
"title": "Webmin directory traversal vulnerability"
}
jvndb-2006-000939
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Multiple vulnerabilities in Webmin and Usermin
Details
Webmin and Usermin, web-based system management tools, contain the following vulnerabilities:
- Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin's access restrictions
- Cross-site scripting
We are aware that these vulnerabilities have been addressed in Webmin development version 1.297 and Usermin development version 1.226, as of August 31, 2006. Please refer to "Development Versions of Webmin and Usermin" on the vendor's website for information on the latest versions of the software.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000939.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Webmin and Usermin, web-based system management tools, contain the following vulnerabilities:\r\n\r\n- Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin\u0027s access restrictions\r\n- Cross-site scripting\r\n\r\nWe are aware that these vulnerabilities have been addressed in Webmin development version 1.297 and Usermin development version 1.226, as of August 31, 2006. Please refer to \"Development Versions of Webmin and Usermin\" on the vendor\u0027s website for information on the latest versions of the software.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000939.html",
"sec:cpe": [
{
"#text": "cpe:/a:webmin:usermin",
"@product": "Usermin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:webmin:webmin",
"@product": "Webmin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000939",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN99776858/index.html",
"@id": "JVN#99776858",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4542",
"@id": "CVE-2006-4542",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4542",
"@id": "CVE-2006-4542",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/21690",
"@id": "SA21690",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/22114",
"@id": "SA22114",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/19820",
"@id": "19820",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/28699",
"@id": "28699",
"@source": "XF"
},
{
"#text": "http://securitytracker.com/id?1016776",
"@id": "1016776",
"@source": "SECTRACK"
},
{
"#text": "http://securitytracker.com/id?1016777",
"@id": "1016777",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/3424",
"@id": "FrSIRT/ADV-2006-3424",
"@source": "FRSIRT"
}
],
"title": "Multiple vulnerabilities in Webmin and Usermin"
}
jvndb-2014-000059
Vulnerability from jvndb
Published
2014-06-20 13:58
Modified
2014-07-23 10:59
Summary
Webmin vulnerable to cross-site scripting
Details
Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability.
Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Webmin Project | Webmin |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000059.html",
"dc:date": "2014-07-23T10:59+09:00",
"dcterms:issued": "2014-06-20T13:58+09:00",
"dcterms:modified": "2014-07-23T10:59+09:00",
"description": "Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability.\r\n\r\nYoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000059.html",
"sec:cpe": {
"#text": "cpe:/a:webmin:webmin",
"@product": "Webmin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000059",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN49974594/index.html",
"@id": "JVN#49974594",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3885",
"@id": "CVE-2014-3885",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3885",
"@id": "CVE-2014-3885",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Webmin vulnerable to cross-site scripting"
}
jvndb-2014-000060
Vulnerability from jvndb
Published
2014-06-20 13:58
Modified
2014-07-23 11:00
Summary
Webmin vulnerable to cross-site scripting
Details
Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off.
Note that "referrer checking" is enabled by default.
hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Webmin Project | Webmin |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000060.html",
"dc:date": "2014-07-23T11:00+09:00",
"dcterms:issued": "2014-06-20T13:58+09:00",
"dcterms:modified": "2014-07-23T11:00+09:00",
"description": "Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when \"referrer checking\" is turned off.\r\n\r\nNote that \"referrer checking\" is enabled by default.\r\n\r\nhasegawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000060.html",
"sec:cpe": {
"#text": "cpe:/a:webmin:webmin",
"@product": "Webmin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000060",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN02213197/index.html",
"@id": "JVN#02213197",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3886",
"@id": "CVE-2014-3886",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3886",
"@id": "CVE-2014-3886",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Webmin vulnerable to cross-site scripting"
}
jvndb-2017-000022
Vulnerability from jvndb
Published
2017-02-09 14:06
Modified
2017-06-02 18:04
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in Webmin
Details
Webmin contains multiple cross-site scripting vulnerabilities (CWE-79) due to issues in outputting error messages into a HTML page and the function to edit the database.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN34207650/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2106 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2017-2106 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Webmin Project | Webmin |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000022.html",
"dc:date": "2017-06-02T18:04+09:00",
"dcterms:issued": "2017-02-09T14:06+09:00",
"dcterms:modified": "2017-06-02T18:04+09:00",
"description": "Webmin contains multiple cross-site scripting vulnerabilities (CWE-79) due to issues in outputting error messages into a HTML page and the function to edit the database.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000022.html",
"sec:cpe": {
"#text": "cpe:/a:webmin:webmin",
"@product": "Webmin",
"@vendor": "Webmin Project",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000022",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN34207650/index.html",
"@id": "JVN#34207650",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2106",
"@id": "CVE-2017-2106",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2106",
"@id": "CVE-2017-2106",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple cross-site scripting vulnerabilities in Webmin"
}