Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-4568

Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published

2010-01-05T19:00:00.340

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webmin	usermin	≤ 1.32	Yes
Application	webmin	usermin	0.4	Yes
Application	webmin	usermin	0.5	Yes
Application	webmin	usermin	0.6	Yes
Application	webmin	usermin	0.7	Yes
Application	webmin	usermin	0.8	Yes
Application	webmin	usermin	0.9	Yes
Application	webmin	usermin	0.91	Yes
Application	webmin	usermin	0.92	Yes
Application	webmin	usermin	0.93	Yes
Application	webmin	usermin	0.94	Yes
Application	webmin	usermin	0.95	Yes
Application	webmin	usermin	0.96	Yes
Application	webmin	usermin	0.97	Yes
Application	webmin	usermin	0.98	Yes
Application	webmin	usermin	0.99	Yes
Application	webmin	usermin	1.000	Yes
Application	webmin	usermin	1.3	Yes
Application	webmin	usermin	1.010	Yes
Application	webmin	usermin	1.020	Yes
Application	webmin	usermin	1.030	Yes
Application	webmin	usermin	1.040	Yes
Application	webmin	usermin	1.051	Yes
Application	webmin	usermin	1.060	Yes
Application	webmin	usermin	1.070	Yes
Application	webmin	usermin	1.080	Yes
Application	webmin	usermin	1.090	Yes
Application	webmin	usermin	1.100	Yes
Application	webmin	usermin	1.110	Yes
Application	webmin	usermin	1.120	Yes
Application	webmin	usermin	1.130	Yes
Application	webmin	usermin	1.140	Yes
Application	webmin	usermin	1.150	Yes
Application	webmin	usermin	1.210	Yes
Application	webmin	usermin	1.220	Yes
Application	webmin	usermin	1.230	Yes
Application	webmin	usermin	1.240	Yes
Application	webmin	usermin	1.250	Yes
Application	webmin	usermin	1.260	Yes
Application	webmin	usermin	1.270	Yes
Application	webmin	usermin	1.280	Yes
Application	webmin	webmin	≤ 1.390	Yes
Application	webmin	webmin	0.1	Yes
Application	webmin	webmin	0.2	Yes
Application	webmin	webmin	0.3	Yes
Application	webmin	webmin	0.4	Yes
Application	webmin	webmin	0.5	Yes
Application	webmin	webmin	0.6	Yes
Application	webmin	webmin	0.7	Yes
Application	webmin	webmin	0.21	Yes
Application	webmin	webmin	0.22	Yes
Application	webmin	webmin	0.31	Yes
Application	webmin	webmin	0.41	Yes
Application	webmin	webmin	0.42	Yes
Application	webmin	webmin	0.51	Yes
Application	webmin	webmin	0.76	Yes
Application	webmin	webmin	0.77	Yes
Application	webmin	webmin	0.78	Yes
Application	webmin	webmin	0.79	Yes
Application	webmin	webmin	0.80	Yes
Application	webmin	webmin	0.83	Yes
Application	webmin	webmin	0.84	Yes
Application	webmin	webmin	0.85	Yes
Application	webmin	webmin	0.88	Yes
Application	webmin	webmin	0.90	Yes
Application	webmin	webmin	0.91	Yes
Application	webmin	webmin	0.92	Yes
Application	webmin	webmin	0.92.1	Yes
Application	webmin	webmin	0.93	Yes
Application	webmin	webmin	0.94	Yes
Application	webmin	webmin	0.95	Yes
Application	webmin	webmin	0.96	Yes
Application	webmin	webmin	0.97	Yes
Application	webmin	webmin	0.98	Yes
Application	webmin	webmin	0.99	Yes
Application	webmin	webmin	0.950	Yes
Application	webmin	webmin	0.960	Yes
Application	webmin	webmin	0.970	Yes
Application	webmin	webmin	0.980	Yes
Application	webmin	webmin	0.990	Yes
Application	webmin	webmin	1.0.10	Yes
Application	webmin	webmin	1.0.20	Yes
Application	webmin	webmin	1.0.30	Yes
Application	webmin	webmin	1.0.40	Yes
Application	webmin	webmin	1.0.50	Yes
Application	webmin	webmin	1.0.51	Yes
Application	webmin	webmin	1.0.60	Yes
Application	webmin	webmin	1.0.70	Yes
Application	webmin	webmin	1.0.80	Yes
Application	webmin	webmin	1.0.90	Yes
Application	webmin	webmin	1.1.00	Yes
Application	webmin	webmin	1.1.10	Yes
Application	webmin	webmin	1.1.20	Yes
Application	webmin	webmin	1.1.21	Yes
Application	webmin	webmin	1.1.30	Yes
Application	webmin	webmin	1.1.40	Yes
Application	webmin	webmin	1.1.50	Yes
Application	webmin	webmin	1.1.60	Yes
Application	webmin	webmin	1.2.20	Yes
Application	webmin	webmin	1.2.30	Yes
Application	webmin	webmin	1.2.40	Yes
Application	webmin	webmin	1.2.50	Yes
Application	webmin	webmin	1.2.60	Yes
Application	webmin	webmin	1.2.70	Yes
Application	webmin	webmin	1.2.80	Yes
Application	webmin	webmin	1.2.90	Yes
Application	webmin	webmin	1.3.20	Yes
Application	webmin	webmin	1.3.30	Yes
Application	webmin	webmin	1.335	Yes
Application	webmin	webmin	1.336	Yes
Application	webmin	webmin	1.337	Yes
Application	webmin	webmin	1.340	Yes
Application	webmin	webmin	1.343	Yes
Application	webmin	webmin	1.360	Yes
Application	webmin	webmin	1.370	Yes

References

http://secunia.com/advisories/37648 Vendor Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 ([email protected])
http://www.securityfocus.com/bid/37259 Patch ([email protected])
http://www.vupen.com/english/advisories/2009/3457 Patch, Vendor Advisory ([email protected])
http://www.webmin.com/security.html Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/37648 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/37259 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3457 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.webmin.com/security.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)