BDSA-2023-3058 |
|
High |
Nov 08, 2023 |
Virtualmin contains a stored cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied input. An attacker could exploit this issue by injecting malicious JavaScript/HTML code within the affected parameter, which would execute the malicious payload in the context of the victim's browser when the virtual server summary page is viewed. This could result in the exposure of sensitive user information such as authentication tokens or user session cookies.
|
|
BDSA-2023-3057 |
|
High |
Nov 08, 2023 |
Virtualmin contains a stored cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied input. An attacker could exploit this issue by injecting JavaScript/HTML code within the affected parameter field, which would execute the malicious payload in the context of a victim's browser when the module is viewed. This could result in the exposure of sensitive user information such as authentication tokens or user session cookies.
|
|
BDSA-2023-3056 |
|
High |
Nov 07, 2023 |
Virtualmin contains a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied input. Successful exploitation of this issue enables an attacker to inject maliciously crafted HTML/JavaScript code into a vulnerable field in order to gain access to sensitive information such as authentication tokens or user-session cookies.
|
|
BDSA-2023-3055 |
|
High |
Nov 07, 2023 |
Virtualmin contains a stored cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied input. An authenticated attacker could exploit this issue in order to gain access to sensitive information such as authentication tokens or user session cookies by injecting malicious web scripts within the `real name` or `description` fields, which will be executed within the context of the victim's browser.
|
|
BDSA-2023-3053 |
|
High |
Nov 07, 2023 |
Virtualmin contains a stored cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied content. An attacker could exploit this issue by uploading crafted JavaScript to the application, which would be executed if interacted with by another user. This could lead to the loss of a victim's sensitive information, such as session tokens and cookies.
|
|
BDSA-2023-3051 |
|
High |
Nov 07, 2023 |
Virtualmin contains a stored cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied content. An attacker could exploit this issue by uploading crafted JavaScript to the application, which would be executed if interacted with by another user. This could lead to the loss of a victim's sensitive information, such as session tokens and cookies.
|
|
BDSA-2023-2448 |
|
High |
Sep 15, 2023 |
Webmin and Usermin are vulnerable to stored cross-site scripting (XSS). This could allow an authenticated attacker to inject arbitrary web scripts in the Usermin configuration to obtain sensitive information such as authentication tokens or user session cookies.
|
|