{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-23T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-07T09:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/05/24/7"}, {"tags": ["x_refsource_MISC"], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0"}, {"name": "1025438", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025438"}, {"name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517658"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881"}, {"name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/05/22/1"}, {"name": "MDVSA-2011:109", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109"}, {"name": "8264", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8264"}, {"tags": ["x_refsource_MISC"], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/"}, {"name": "47558", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47558"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1937", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/05/24/7"}, {"name": "http://www.youtube.com/watch?v=CUO7JLIGUf0", "refsource": "MISC", "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0"}, {"name": "1025438", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025438"}, {"name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517658"}, {"name": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881", "refsource": "CONFIRM", "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881"}, {"name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/05/22/1"}, {"name": "MDVSA-2011:109", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109"}, {"name": "8264", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8264"}, {"name": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/", "refsource": "MISC", "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/"}, {"name": "47558", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47558"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:46:00.806Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/05/24/7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0"}, {"name": "1025438", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025438"}, {"name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/517658"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881"}, {"name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/05/22/1"}, {"name": "MDVSA-2011:109", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109"}, {"name": "8264", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8264"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/"}, {"name": "47558", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47558"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1937", "datePublished": "2011-05-31T20:00:00.000Z", "dateReserved": "2011-05-09T00:00:00.000Z", "dateUpdated": "2024-08-06T22:46:00.806Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "99196F59-548C-40FD-9EA7-6200901120E6", "versionEndIncluding": "1.540", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.75:*:*:*:*:*:*:*", "matchCriteriaId": "180192C4-DDF9-4278-A213-24A91137D4FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.81:*:*:*:*:*:*:*", "matchCriteriaId": "192B0ED0-5967-4169-A644-1DAB8D4BF981", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.82:*:*:*:*:*:*:*", "matchCriteriaId": "E2B5EE2D-9105-4BD5-B298-34DFB332A728", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "B9B426CD-5105-4EDE-8ED5-991C6B712DF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "FE21BBCF-6F4B-4EEA-B80B-2AE46B6FB2ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.950:*:*:*:*:*:*:*", "matchCriteriaId": "08068E84-9EE5-4742-B70A-567CD4199604", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.960:*:*:*:*:*:*:*", "matchCriteriaId": "5C6D5F6A-B34F-4134-959F-C31FC84EBCF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.970:*:*:*:*:*:*:*", "matchCriteriaId": "DB4FEC51-DD03-418D-8E55-CEE696BE2D74", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.980:*:*:*:*:*:*:*", "matchCriteriaId": "4B9F8F43-F9EC-4BC0-BDF6-EC3EDF5A71F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.990:*:*:*:*:*:*:*", "matchCriteriaId": "DB6865E9-F244-4019-AA4C-3DB1655A6AA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "17054066-DE7F-4BE7-A2DA-9426DE6B7D3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "8C04909C-17D9-46FF-BCCF-45F2531A1B6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "4B12A859-CFE1-46B7-B607-AF5BB6F5A081", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "860599C2-ED30-454A-8ABA-D62F6019D1E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "92F68614-84A3-4CB8-9481-9D3D089FF3E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.050:*:*:*:*:*:*:*", "matchCriteriaId": "E1539E34-B384-4882-953E-896971C1E8AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "784B61DA-2890-4B4C-9D07-258A2C183132", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "8E91A2F5-2C56-4D5E-BBC7-F48BF458C264", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "6CE691D3-3A39-4B95-BD15-562D8A80BAE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "DE8E9AF8-6660-45F7-BF4A-B9C71CED7A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "84063206-CEF4-4829-A74A-55C767923D5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "D885CB6A-06E9-416C-93D2-9C5A9931CF56", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.121:*:*:*:*:*:*:*", "matchCriteriaId": "97FE2F9D-C573-44BB-A542-8512FD27D130", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "8209350C-BD76-43E2-9E81-CECD03A214B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "86FB60E8-8A87-4838-8144-1FCFB8C382FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "A98A70E1-A1BD-45A6-A409-97B7FAA07E5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.160:*:*:*:*:*:*:*", "matchCriteriaId": "09CB193D-3D6B-4680-8490-6FAA714C45A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.170:*:*:*:*:*:*:*", "matchCriteriaId": "471E5FDB-0C34-4D3A-BACC-1EADE1ADCE83", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.180:*:*:*:*:*:*:*", "matchCriteriaId": "F97EC65B-0E6A-4F25-B7DC-1C1297173684", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.190:*:*:*:*:*:*:*", "matchCriteriaId": "4390E10A-027E-423E-ABE3-86099074B4AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.200:*:*:*:*:*:*:*", "matchCriteriaId": "B44FF660-7348-4F60-BE4D-1815C095C88A", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "7350164E-520E-4BA0-8C51-19EE7D1E5FA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "7B2E5B42-C492-4F59-B250-C40095CF2582", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "D4155856-F5A3-4125-952E-82E93DDDE088", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "EB0BE82F-EC96-428E-871B-1332045EE9C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.250:*:*:*:*:*:*:*", "matchCriteriaId": "B80E81F6-2A96-4014-8045-FC0C1B4CEB1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB71E-4663-48EC-8164-105AF85AEB51", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "A95386F4-123A-407A-A735-F12FD9711BEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.280:*:*:*:*:*:*:*", "matchCriteriaId": "030A8C8C-D60D-467D-80CE-B2B00572F05F", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.290:*:*:*:*:*:*:*", "matchCriteriaId": "1CE7F5BF-2B5D-44B4-8865-90E58771239C", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.300:*:*:*:*:*:*:*", "matchCriteriaId": "41462964-E5BA-4182-ABF4-54ECD5D97DAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.310:*:*:*:*:*:*:*", "matchCriteriaId": "85AAE04F-4530-454A-AC2C-2581197EAD0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.320:*:*:*:*:*:*:*", "matchCriteriaId": "2F2634CD-846C-4343-B50F-21AD7380212B", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.330:*:*:*:*:*:*:*", "matchCriteriaId": "60489FB9-5D98-4611-8FBE-7F6A901BBFA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.340:*:*:*:*:*:*:*", "matchCriteriaId": "85A8F9EA-7A8D-4BA9-9732-DE93388800A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.350:*:*:*:*:*:*:*", "matchCriteriaId": "4D4C622D-6ED7-4F11-A43B-FE00B088CEAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.360:*:*:*:*:*:*:*", "matchCriteriaId": "080FCFDE-557E-4D35-8701-96AC28381ADF", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "E948F223-D365-4D5B-9C2B-FB064F8DC00B", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.380:*:*:*:*:*:*:*", "matchCriteriaId": "DF07B559-9FEE-40FF-AA85-0018998F7E22", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "2B767E9C-D321-4972-BF7A-B5E62956D6CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.400:*:*:*:*:*:*:*", "matchCriteriaId": "F97A0281-1C70-4476-9441-400C83AB39E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.410:*:*:*:*:*:*:*", "matchCriteriaId": "46563F83-035B-49AF-94B4-909CE53945D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.420:*:*:*:*:*:*:*", "matchCriteriaId": "75736565-8B44-48C2-92AE-AF4B19A5C18D", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.430:*:*:*:*:*:*:*", "matchCriteriaId": "0A50E69D-EE5A-4DC7-A884-F6B10E677E4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.440:*:*:*:*:*:*:*", "matchCriteriaId": "19FCDACE-0BB2-4891-94BE-5E8F1BB72386", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.441:*:*:*:*:*:*:*", "matchCriteriaId": "4462604D-A3FE-4DA4-A401-59AA433686A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.450:*:*:*:*:*:*:*", "matchCriteriaId": "6EE2A989-3136-4B0F-AA9C-4C002532FCB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.460:*:*:*:*:*:*:*", "matchCriteriaId": "FF407748-7342-487E-86B9-038361C09B45", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.470:*:*:*:*:*:*:*", "matchCriteriaId": "C4F2FAD3-E922-4E17-95EC-E6D2F1BC9778", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.480:*:*:*:*:*:*:*", "matchCriteriaId": "B0D66B84-678C-4568-8543-319A9C4D4116", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.490:*:*:*:*:*:*:*", "matchCriteriaId": "0C548C2A-18F0-43F0-A98B-B730E33B0A87", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.500:*:*:*:*:*:*:*", "matchCriteriaId": "8CD4CB9A-2C24-4548-8204-D936927F8362", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.510:*:*:*:*:*:*:*", "matchCriteriaId": "1582111F-8C80-41C9-84D5-8C2BAD1511C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.520:*:*:*:*:*:*:*", "matchCriteriaId": "97A98749-3256-4027-8AF0-F9756AA96CA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.530:*:*:*:*:*:*:*", "matchCriteriaId": "5A7B281C-00C6-405A-AC41-0C29E29AB412", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin 1.540 y versiones anteriores permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de un comando chfn que modifica el campo real (Full Name). Relacionado con useradmin/index.cgi y useradmin/user-lib.pl."}], "id": "CVE-2011-1937", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-31T20:55:05.173", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/05/22/1"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://openwall.com/lists/oss-security/2011/05/24/7"}, {"source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8264"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1025438"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.securityfocus.com/archive/1/517658"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/47558"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/05/22/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://openwall.com/lists/oss-security/2011/05/24/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1025438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/archive/1/517658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}