| Vulnerability Name: | CVE-2002-1673 (CCN-8596) | ||||||||
| Assigned: | 2002-03-20 | ||||||||
| Published: | 2002-03-20 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file. | ||||||||
| CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Mar 20 2002 - 16:01:21 CST Local privalege escalation issues with Webmin 0.92 Source: CCN Type: BugTraq Mailing List, Wed Mar 20 2002 - 20:22:38 CST Re: Local privalege escalation issues with Webmin 0.92 Source: MITRE Type: CNA CVE-2002-1673 Source: BUGTRAQ Type: UNKNOWN 20020320 Local privalege escalation issues with Webmin 0.92 Source: CCN Type: OSVDB ID: 20873 Webmin Interface File Display Content XSS Source: BID Type: Exploit, Patch 4329 Source: CCN Type: BID-4329 Webmin Script Code Input Validation Vulnerability Source: CCN Type: Webmin Web site Downloading and Installing Source: XF Type: UNKNOWN webmin-functions-execute-code(8596) Source: XF Type: UNKNOWN webmin-functions-execute-code(8596) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||