CVE-2024-36450: XSS
First published: Wed Jul 10 2024(Updated: )
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin | <1.910 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-36450?
CVE-2024-36450 is considered a high severity cross-site scripting vulnerability.
How do I fix CVE-2024-36450?
To fix CVE-2024-36450, you should upgrade Webmin to version 1.910 or later.
What products are affected by CVE-2024-36450?
CVE-2024-36450 affects all versions of Webmin prior to 1.910.
What could happen if CVE-2024-36450 is exploited?
If exploited, CVE-2024-36450 could allow an attacker to execute arbitrary scripts in the user's browser, potentially stealing session IDs.
How can I detect CVE-2024-36450 in my environment?
You can detect CVE-2024-36450 by checking the version of Webmin you are running and looking for security audit logs indicating script injections.
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/webmin
- canonical/webmin