CVE-2008-0720

Published Feb 12, 2008

Last updated 6 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webmin:usermin:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74E28AB1-D60A-4CFC-9133-552B7AA12D8D"
          },
          {
            "criteria": "cpe:2.3:a:webmin:usermin:1.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06EBBDAA-05C2-4CFD-AC36-A24E5A768B09"
          },
          {
            "criteria": "cpe:2.3:a:webmin:webmin:1.370:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E948F223-D365-4D5B-9C2B-FB064F8DC00B"
          },
          {
            "criteria": "cpe:2.3:a:webmin:webmin:1.390:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B767E9C-D321-4972-BF7A-B5E62956D6CD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References