CVE-2014-0339
Published Mar 16, 2014
Last updated 9 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
- Source
- cret@cert.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B0BF214-8325-44C1-88F1-722E50F04A72",
"versionEndIncluding": "1.670"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.600:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDDBEEF5-0D51-4585-9AFF-E317E1E81C4F"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.610:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79D5E434-C5D0-476C-991C-E82355AE32B2"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.620:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "523DF9D1-7E6D-458E-93AD-906AAE97E1CD"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.630:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76BD5561-78F2-416F-BDE1-365D887FC061"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.640:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5D20433-B154-4CD2-BF7E-2B0F6E93E81C"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.650:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2403CB58-22C6-4B71-B007-4F2B8D942C5D"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.660:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6321F048-D25F-4E4C-9994-7FA0D619418D"
}
],
"operator": "OR"
}
]
}
]