Published: 05/09/2006 Updated: 20/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Webmin prior to 1.296 and Usermin prior to 1.226 do not properly handle a URL with a null ("%00") character, which allows remote malicious users to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

Vendor Advisories

Several vulnerabilities have been identified in webmin, a web-based administration toolkit The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-3912 A format string vulnerability in miniservpl could allow an attacker to cause a denial of service by crashing the application or exhausting system re ...