CVE-2014-3886
Published Jul 20, 2014
Last updated 10 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7098876-1831-4013-AFDC-4B87AEBECEDA",
"versionEndIncluding": "1.680"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.600:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDDBEEF5-0D51-4585-9AFF-E317E1E81C4F"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.610:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79D5E434-C5D0-476C-991C-E82355AE32B2"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.620:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "523DF9D1-7E6D-458E-93AD-906AAE97E1CD"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.630:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76BD5561-78F2-416F-BDE1-365D887FC061"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.640:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5D20433-B154-4CD2-BF7E-2B0F6E93E81C"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.650:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2403CB58-22C6-4B71-B007-4F2B8D942C5D"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.660:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6321F048-D25F-4E4C-9994-7FA0D619418D"
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.670:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE07D5AE-0277-493F-8362-C09285A024E6"
}
],
"operator": "OR"
}
]
}
]