CVE-2011-1937: XSS
First published: Tue May 31 2011(Updated: )
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin | =1.190 | |
| Webmin | =1.160 | |
| Webmin | =1.380 | |
| Webmin | =0.990 | |
| Webmin | =1.300 | |
| Webmin | =1.040 | |
| Webmin | =1.121 | |
| Webmin | =0.82 | |
| Webmin | =1.130 | |
| Webmin | =0.88 | |
| Webmin | =1.090 | |
| Webmin | =1.060 | |
| Webmin | =1.270 | |
| Webmin | =0.960 | |
| Webmin | =1.240 | |
| Webmin | =1.340 | |
| Webmin | =1.200 | |
| Webmin | =1.210 | |
| Webmin | =1.470 | |
| Webmin | <=1.540 | |
| Webmin | =1.080 | |
| Webmin | =0.87 | |
| Webmin | =1.000 | |
| Webmin | =1.320 | |
| Webmin | =0.93 | |
| Webmin | =1.390 | |
| Webmin | =1.220 | |
| Webmin | =1.350 | |
| Webmin | =1.510 | |
| Webmin | =1.440 | |
| Webmin | =0.92 | |
| Webmin | =1.110 | |
| Webmin | =1.500 | |
| Webmin | =1.180 | |
| Webmin | =0.78 | |
| Webmin | =1.260 | |
| Webmin | =1.370 | |
| Webmin | =1.250 | |
| Webmin | =1.360 | |
| Webmin | =1.290 | |
| Webmin | =1.280 | |
| Webmin | =1.030 | |
| Webmin | =1.230 | |
| Webmin | =1.330 | |
| Webmin | =0.77 | |
| Webmin | =1.490 | |
| Webmin | =0.85 | |
| Webmin | =1.480 | |
| Webmin | =0.94 | |
| Webmin | =1.530 | |
| Webmin | =0.83 | |
| Webmin | =1.441 | |
| Webmin | =0.75 | |
| Webmin | =0.950 | |
| Webmin | =0.980 | |
| Webmin | =0.84 | |
| Webmin | =0.970 | |
| Webmin | =1.070 | |
| Webmin | =0.79 | |
| Webmin | =0.76 | |
| Webmin | =1.460 | |
| Webmin | =1.050 | |
| Webmin | =0.91 | |
| Webmin | =1.430 | |
| Webmin | =1.020 | |
| Webmin | =1.140 | |
| Webmin | =0.80 | |
| Webmin | =1.170 | |
| Webmin | =1.150 | |
| Webmin | =1.520 | |
| Webmin | =0.81 | |
| Webmin | =1.010 | |
| Webmin | =1.450 | |
| Webmin | =1.310 | |
| Webmin | =0.86 | |
| Webmin | =1.400 | |
| Webmin | =1.410 | |
| Webmin | =1.100 | |
| Webmin | =1.420 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/517658
- http://securitytracker.com/id?1025438
- http://www.youtube.com/watch?v=CUO7JLIGUf0
- http://openwall.com/lists/oss-security/2011/05/24/7
- http://openwall.com/lists/oss-security/2011/05/22/1
- http://www.securityfocus.com/bid/47558
- http://javierb.com.ar/2011/04/24/xss-webmin-1-540/
- https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:109
- http://securityreason.com/securityalert/8264
Frequently Asked Questions
What is the severity of CVE-2011-1937?
CVE-2011-1937 has a severity rating of medium due to its potential for cross-site scripting attacks.
How do I fix CVE-2011-1937?
To fix CVE-2011-1937, upgrade Webmin to version 1.541 or later where this vulnerability has been addressed.
What type of vulnerability is CVE-2011-1937?
CVE-2011-1937 is a cross-site scripting (XSS) vulnerability affecting Webmin.
Which versions of Webmin are affected by CVE-2011-1937?
CVE-2011-1937 affects Webmin versions 1.540 and earlier.
Can CVE-2011-1937 lead to data exposure?
Yes, CVE-2011-1937 can allow attackers to inject harmful scripts, potentially leading to data exposure.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/webmin
- canonical/webmin
- version/webmin/1.190
- version/webmin/1.160
- version/webmin/1.380
- version/webmin/0.990
- version/webmin/1.300
- version/webmin/1.040
- version/webmin/1.121
- version/webmin/0.82
- version/webmin/1.130
- version/webmin/0.88
- version/webmin/1.090
- version/webmin/1.060
- version/webmin/1.270
- version/webmin/0.960
- version/webmin/1.240
- version/webmin/1.340
- version/webmin/1.200
- version/webmin/1.210
- version/webmin/1.470
- version/webmin/1.540
- version/webmin/1.080
- version/webmin/0.87
- version/webmin/1.000
- version/webmin/1.320
- version/webmin/0.93
- version/webmin/1.390
- version/webmin/1.220
- version/webmin/1.350
- version/webmin/1.510
- version/webmin/1.440
- version/webmin/0.92
- version/webmin/1.110
- version/webmin/1.500
- version/webmin/1.180
- version/webmin/0.78
- version/webmin/1.260
- version/webmin/1.370
- version/webmin/1.250
- version/webmin/1.360
- version/webmin/1.290
- version/webmin/1.280
- version/webmin/1.030
- version/webmin/1.230
- version/webmin/1.330
- version/webmin/0.77
- version/webmin/1.490
- version/webmin/0.85
- version/webmin/1.480
- version/webmin/0.94
- version/webmin/1.530
- version/webmin/0.83
- version/webmin/1.441
- version/webmin/0.75
- version/webmin/0.950
- version/webmin/0.980
- version/webmin/0.84
- version/webmin/0.970
- version/webmin/1.070
- version/webmin/0.79
- version/webmin/0.76
- version/webmin/1.460
- version/webmin/1.050
- version/webmin/0.91
- version/webmin/1.430
- version/webmin/1.020
- version/webmin/1.140
- version/webmin/0.80
- version/webmin/1.170
- version/webmin/1.150
- version/webmin/1.520
- version/webmin/0.81
- version/webmin/1.010
- version/webmin/1.450
- version/webmin/1.310
- version/webmin/0.86
- version/webmin/1.400
- version/webmin/1.410
- version/webmin/1.100
- version/webmin/1.420