CVE-2024-36453: XSS
First published: Wed Jul 10 2024(Updated: )
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin | <1.970 | |
| Usermin | <1.820 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-36453?
CVE-2024-36453 has been classified with a medium severity rating due to the potential for cross-site scripting attacks.
How do I fix CVE-2024-36453?
To remediate CVE-2024-36453, upgrade Webmin to version 1.970 or higher and Usermin to version 1.820 or higher.
What products are affected by CVE-2024-36453?
CVE-2024-36453 affects Webmin versions prior to 1.970 and Usermin versions prior to 1.820.
What types of attacks can CVE-2024-36453 enable?
CVE-2024-36453 can enable cross-site scripting attacks, allowing attackers to execute arbitrary scripts in the user's web browser.
Who is impacted by CVE-2024-36453?
Users of Webmin and Usermin who are on affected versions are at risk of exploitation from CVE-2024-36453.
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/severity
- collector/nvd-api
- source/NVD
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/webmin
- canonical/webmin
- canonical/usermin