FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

webmin -- cross site scripting vulnerability

Affected packages
webmin < 1.350

Details

VuXML ID 12b7286f-16a2-11dc-b803-0016179b2dd5
Discovery 2007-06-01
Entry 2007-06-09
Modified 2010-05-12

Secunia reports:

Input passed to unspecified parameters in pam_login.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

References

Bugtraq ID 24381
CVE Name CVE-2007-3156
URL http://secunia.com/advisories/25580/
URL http://www.webmin.com/changes-1.350.html