Computer Security

CVE-2007-3156
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2007-3156
StatusCandidate
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter.  NOTE: some of these details are obtained from third party information.
SeverityMedium
CVSS score4,3
CVSS vector(AV:N/AC:M/Au:N/C:N/I:P/A:N)
PhaseAssigned (13.09.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3156
ReferencesBID : 24381
 CONFIRM : http://www.webmin.com/changes-1.350.html
 CONFIRM : http://www.webmin.com/security.html
 FRSIRT : ADV-2007-2117
 GENTOO : GLSA-200707-05
 MANDRIVA : MDKSA-2007:135
 SECUNIA : 25580
 SECUNIA : 25785
 SECUNIA : 25956
SecurityVulns:Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server