Webmin history Parameter Cross-Site-Scripting

Strike ID:
E19-5oon1
CVSS:
5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
False Positive:
f
Variants:
1
Year:
2018

Description

This strike exploits a cross-site scripting vulnerability in Webmin. The vulnerability results from the lack of sanitization when displaying the POST parameter 'history' in '/shell/index.cgi'. A successful exploitation leads to arbitrary code execution in visitors' browsers or credentials theft.

CVE

References