CVE Vulnerabilities

CVE-2002-1673

Published: Dec 31, 2002 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.6 LOW
AV:L/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file.

Affected Software

Name Vendor Start Version End Version
Webmin Webmin 0.1 (including) 0.1 (including)
Webmin Webmin 0.2 (including) 0.2 (including)
Webmin Webmin 0.3 (including) 0.3 (including)
Webmin Webmin 0.4 (including) 0.4 (including)
Webmin Webmin 0.5 (including) 0.5 (including)
Webmin Webmin 0.6 (including) 0.6 (including)
Webmin Webmin 0.7 (including) 0.7 (including)
Webmin Webmin 0.21 (including) 0.21 (including)
Webmin Webmin 0.22 (including) 0.22 (including)
Webmin Webmin 0.31 (including) 0.31 (including)
Webmin Webmin 0.41 (including) 0.41 (including)
Webmin Webmin 0.42 (including) 0.42 (including)
Webmin Webmin 0.51 (including) 0.51 (including)
Webmin Webmin 0.76 (including) 0.76 (including)
Webmin Webmin 0.77 (including) 0.77 (including)
Webmin Webmin 0.78 (including) 0.78 (including)
Webmin Webmin 0.79 (including) 0.79 (including)
Webmin Webmin 0.80 (including) 0.80 (including)
Webmin Webmin 0.83 (including) 0.83 (including)
Webmin Webmin 0.84 (including) 0.84 (including)
Webmin Webmin 0.85 (including) 0.85 (including)
Webmin Webmin 0.88 (including) 0.88 (including)
Webmin Webmin 0.91 (including) 0.91 (including)
Webmin Webmin 0.92 (including) 0.92 (including)
Webmin Webmin 0.92.1 (including) 0.92.1 (including)

References