fkie_cve-2011-1937
Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2024-11-21 01:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "99196F59-548C-40FD-9EA7-6200901120E6", "versionEndIncluding": "1.540", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.75:*:*:*:*:*:*:*", "matchCriteriaId": "180192C4-DDF9-4278-A213-24A91137D4FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.81:*:*:*:*:*:*:*", "matchCriteriaId": "192B0ED0-5967-4169-A644-1DAB8D4BF981", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.82:*:*:*:*:*:*:*", "matchCriteriaId": "E2B5EE2D-9105-4BD5-B298-34DFB332A728", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "B9B426CD-5105-4EDE-8ED5-991C6B712DF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.87:*:*:*:*:*:*:*", "matchCriteriaId": 
"FE21BBCF-6F4B-4EEA-B80B-2AE46B6FB2ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.950:*:*:*:*:*:*:*", "matchCriteriaId": "08068E84-9EE5-4742-B70A-567CD4199604", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.960:*:*:*:*:*:*:*", "matchCriteriaId": "5C6D5F6A-B34F-4134-959F-C31FC84EBCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.970:*:*:*:*:*:*:*", "matchCriteriaId": "DB4FEC51-DD03-418D-8E55-CEE696BE2D74", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.980:*:*:*:*:*:*:*", "matchCriteriaId": "4B9F8F43-F9EC-4BC0-BDF6-EC3EDF5A71F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.990:*:*:*:*:*:*:*", "matchCriteriaId": "DB6865E9-F244-4019-AA4C-3DB1655A6AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "17054066-DE7F-4BE7-A2DA-9426DE6B7D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "8C04909C-17D9-46FF-BCCF-45F2531A1B6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "4B12A859-CFE1-46B7-B607-AF5BB6F5A081", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": 
"860599C2-ED30-454A-8ABA-D62F6019D1E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "92F68614-84A3-4CB8-9481-9D3D089FF3E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.050:*:*:*:*:*:*:*", "matchCriteriaId": "E1539E34-B384-4882-953E-896971C1E8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "784B61DA-2890-4B4C-9D07-258A2C183132", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "8E91A2F5-2C56-4D5E-BBC7-F48BF458C264", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "6CE691D3-3A39-4B95-BD15-562D8A80BAE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "DE8E9AF8-6660-45F7-BF4A-B9C71CED7A68", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "84063206-CEF4-4829-A74A-55C767923D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "D885CB6A-06E9-416C-93D2-9C5A9931CF56", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.121:*:*:*:*:*:*:*", "matchCriteriaId": "97FE2F9D-C573-44BB-A542-8512FD27D130", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "8209350C-BD76-43E2-9E81-CECD03A214B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "86FB60E8-8A87-4838-8144-1FCFB8C382FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "A98A70E1-A1BD-45A6-A409-97B7FAA07E5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.160:*:*:*:*:*:*:*", "matchCriteriaId": "09CB193D-3D6B-4680-8490-6FAA714C45A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.170:*:*:*:*:*:*:*", "matchCriteriaId": 
"471E5FDB-0C34-4D3A-BACC-1EADE1ADCE83", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.180:*:*:*:*:*:*:*", "matchCriteriaId": "F97EC65B-0E6A-4F25-B7DC-1C1297173684", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.190:*:*:*:*:*:*:*", "matchCriteriaId": "4390E10A-027E-423E-ABE3-86099074B4AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.200:*:*:*:*:*:*:*", "matchCriteriaId": "B44FF660-7348-4F60-BE4D-1815C095C88A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "7350164E-520E-4BA0-8C51-19EE7D1E5FA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "7B2E5B42-C492-4F59-B250-C40095CF2582", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "D4155856-F5A3-4125-952E-82E93DDDE088", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "EB0BE82F-EC96-428E-871B-1332045EE9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.250:*:*:*:*:*:*:*", "matchCriteriaId": "B80E81F6-2A96-4014-8045-FC0C1B4CEB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB71E-4663-48EC-8164-105AF85AEB51", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "A95386F4-123A-407A-A735-F12FD9711BEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.280:*:*:*:*:*:*:*", "matchCriteriaId": "030A8C8C-D60D-467D-80CE-B2B00572F05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.290:*:*:*:*:*:*:*", "matchCriteriaId": "1CE7F5BF-2B5D-44B4-8865-90E58771239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.300:*:*:*:*:*:*:*", "matchCriteriaId": "41462964-E5BA-4182-ABF4-54ECD5D97DAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.310:*:*:*:*:*:*:*", "matchCriteriaId": 
"85AAE04F-4530-454A-AC2C-2581197EAD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.320:*:*:*:*:*:*:*", "matchCriteriaId": "2F2634CD-846C-4343-B50F-21AD7380212B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.330:*:*:*:*:*:*:*", "matchCriteriaId": "60489FB9-5D98-4611-8FBE-7F6A901BBFA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.340:*:*:*:*:*:*:*", "matchCriteriaId": "85A8F9EA-7A8D-4BA9-9732-DE93388800A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.350:*:*:*:*:*:*:*", "matchCriteriaId": "4D4C622D-6ED7-4F11-A43B-FE00B088CEAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.360:*:*:*:*:*:*:*", "matchCriteriaId": "080FCFDE-557E-4D35-8701-96AC28381ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "E948F223-D365-4D5B-9C2B-FB064F8DC00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.380:*:*:*:*:*:*:*", "matchCriteriaId": "DF07B559-9FEE-40FF-AA85-0018998F7E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "2B767E9C-D321-4972-BF7A-B5E62956D6CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.400:*:*:*:*:*:*:*", "matchCriteriaId": "F97A0281-1C70-4476-9441-400C83AB39E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.410:*:*:*:*:*:*:*", "matchCriteriaId": "46563F83-035B-49AF-94B4-909CE53945D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.420:*:*:*:*:*:*:*", "matchCriteriaId": "75736565-8B44-48C2-92AE-AF4B19A5C18D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.430:*:*:*:*:*:*:*", "matchCriteriaId": "0A50E69D-EE5A-4DC7-A884-F6B10E677E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.440:*:*:*:*:*:*:*", "matchCriteriaId": "19FCDACE-0BB2-4891-94BE-5E8F1BB72386", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.441:*:*:*:*:*:*:*", "matchCriteriaId": 
"4462604D-A3FE-4DA4-A401-59AA433686A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.450:*:*:*:*:*:*:*", "matchCriteriaId": "6EE2A989-3136-4B0F-AA9C-4C002532FCB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.460:*:*:*:*:*:*:*", "matchCriteriaId": "FF407748-7342-487E-86B9-038361C09B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.470:*:*:*:*:*:*:*", "matchCriteriaId": "C4F2FAD3-E922-4E17-95EC-E6D2F1BC9778", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.480:*:*:*:*:*:*:*", "matchCriteriaId": "B0D66B84-678C-4568-8543-319A9C4D4116", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.490:*:*:*:*:*:*:*", "matchCriteriaId": "0C548C2A-18F0-43F0-A98B-B730E33B0A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.500:*:*:*:*:*:*:*", "matchCriteriaId": "8CD4CB9A-2C24-4548-8204-D936927F8362", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.510:*:*:*:*:*:*:*", "matchCriteriaId": "1582111F-8C80-41C9-84D5-8C2BAD1511C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.520:*:*:*:*:*:*:*", "matchCriteriaId": "97A98749-3256-4027-8AF0-F9756AA96CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.530:*:*:*:*:*:*:*", "matchCriteriaId": "5A7B281C-00C6-405A-AC41-0C29E29AB412", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin 1.540 y versiones anteriores permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de un comando chfn que modifica el campo real (Full Name). 
Relacionado con useradmin/index.cgi y useradmin/user-lib.pl." } ], "id": "CVE-2011-1937", "lastModified": "2024-11-21T01:27:20.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-31T20:55:05.173", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8264" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025438" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/47558" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.