Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-4568

Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Security Impact Summary

CVE-2009-4568 is a security vulnerability that . Impacting 2 products from webmin, from webmin organizations running these solutions should prioritize assessment and patching.

Historical Context

Documented in 2010, this vulnerability occurred amid the cloud computing expansion era, where traditional network perimeter security models were being reevaluated. Organizations were transitioning from isolated infrastructure to interconnected systems, creating new attack surfaces that vulnerabilities like this could exploit.

Published

2010-01-05T19:00:00.340

Last Modified

2026-04-23T00:35:47.467

Status

Modified

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webmin	usermin	≤ 1.32	Yes
Application	webmin	usermin	0.4	Yes
Application	webmin	usermin	0.5	Yes
Application	webmin	usermin	0.6	Yes
Application	webmin	usermin	0.7	Yes
Application	webmin	usermin	0.8	Yes
Application	webmin	usermin	0.9	Yes
Application	webmin	usermin	0.91	Yes
Application	webmin	usermin	0.92	Yes
Application	webmin	usermin	0.93	Yes
Application	webmin	usermin	0.94	Yes
Application	webmin	usermin	0.95	Yes
Application	webmin	usermin	0.96	Yes
Application	webmin	usermin	0.97	Yes
Application	webmin	usermin	0.98	Yes
Application	webmin	usermin	0.99	Yes
Application	webmin	usermin	1.000	Yes
Application	webmin	usermin	1.3	Yes
Application	webmin	usermin	1.010	Yes
Application	webmin	usermin	1.020	Yes
Application	webmin	usermin	1.030	Yes
Application	webmin	usermin	1.040	Yes
Application	webmin	usermin	1.051	Yes
Application	webmin	usermin	1.060	Yes
Application	webmin	usermin	1.070	Yes
Application	webmin	usermin	1.080	Yes
Application	webmin	usermin	1.090	Yes
Application	webmin	usermin	1.100	Yes
Application	webmin	usermin	1.110	Yes
Application	webmin	usermin	1.120	Yes
Application	webmin	usermin	1.130	Yes
Application	webmin	usermin	1.140	Yes
Application	webmin	usermin	1.150	Yes
Application	webmin	usermin	1.210	Yes
Application	webmin	usermin	1.220	Yes
Application	webmin	usermin	1.230	Yes
Application	webmin	usermin	1.240	Yes
Application	webmin	usermin	1.250	Yes
Application	webmin	usermin	1.260	Yes
Application	webmin	usermin	1.270	Yes
Application	webmin	usermin	1.280	Yes
Application	webmin	webmin	≤ 1.390	Yes
Application	webmin	webmin	0.1	Yes
Application	webmin	webmin	0.2	Yes
Application	webmin	webmin	0.3	Yes
Application	webmin	webmin	0.4	Yes
Application	webmin	webmin	0.5	Yes
Application	webmin	webmin	0.6	Yes
Application	webmin	webmin	0.7	Yes
Application	webmin	webmin	0.21	Yes
Application	webmin	webmin	0.22	Yes
Application	webmin	webmin	0.31	Yes
Application	webmin	webmin	0.41	Yes
Application	webmin	webmin	0.42	Yes
Application	webmin	webmin	0.51	Yes
Application	webmin	webmin	0.76	Yes
Application	webmin	webmin	0.77	Yes
Application	webmin	webmin	0.78	Yes
Application	webmin	webmin	0.79	Yes
Application	webmin	webmin	0.80	Yes
Application	webmin	webmin	0.83	Yes
Application	webmin	webmin	0.84	Yes
Application	webmin	webmin	0.85	Yes
Application	webmin	webmin	0.88	Yes
Application	webmin	webmin	0.90	Yes
Application	webmin	webmin	0.91	Yes
Application	webmin	webmin	0.92	Yes
Application	webmin	webmin	0.92.1	Yes
Application	webmin	webmin	0.93	Yes
Application	webmin	webmin	0.94	Yes
Application	webmin	webmin	0.95	Yes
Application	webmin	webmin	0.96	Yes
Application	webmin	webmin	0.97	Yes
Application	webmin	webmin	0.98	Yes
Application	webmin	webmin	0.99	Yes
Application	webmin	webmin	0.950	Yes
Application	webmin	webmin	0.960	Yes
Application	webmin	webmin	0.970	Yes
Application	webmin	webmin	0.980	Yes
Application	webmin	webmin	0.990	Yes
Application	webmin	webmin	1.0.10	Yes
Application	webmin	webmin	1.0.20	Yes
Application	webmin	webmin	1.0.30	Yes
Application	webmin	webmin	1.0.40	Yes
Application	webmin	webmin	1.0.50	Yes
Application	webmin	webmin	1.0.51	Yes
Application	webmin	webmin	1.0.60	Yes
Application	webmin	webmin	1.0.70	Yes
Application	webmin	webmin	1.0.80	Yes
Application	webmin	webmin	1.0.90	Yes
Application	webmin	webmin	1.1.00	Yes
Application	webmin	webmin	1.1.10	Yes
Application	webmin	webmin	1.1.20	Yes
Application	webmin	webmin	1.1.21	Yes
Application	webmin	webmin	1.1.30	Yes
Application	webmin	webmin	1.1.40	Yes
Application	webmin	webmin	1.1.50	Yes
Application	webmin	webmin	1.1.60	Yes
Application	webmin	webmin	1.2.20	Yes
Application	webmin	webmin	1.2.30	Yes
Application	webmin	webmin	1.2.40	Yes
Application	webmin	webmin	1.2.50	Yes
Application	webmin	webmin	1.2.60	Yes
Application	webmin	webmin	1.2.70	Yes
Application	webmin	webmin	1.2.80	Yes
Application	webmin	webmin	1.2.90	Yes
Application	webmin	webmin	1.3.20	Yes
Application	webmin	webmin	1.3.30	Yes
Application	webmin	webmin	1.335	Yes
Application	webmin	webmin	1.336	Yes
Application	webmin	webmin	1.337	Yes
Application	webmin	webmin	1.340	Yes
Application	webmin	webmin	1.343	Yes
Application	webmin	webmin	1.360	Yes
Application	webmin	webmin	1.370	Yes

References

http://secunia.com/advisories/37648 Vendor Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 ([email protected])
http://www.securityfocus.com/bid/37259 Patch ([email protected])
http://www.vupen.com/english/advisories/2009/3457 Patch, Vendor Advisory ([email protected])
http://www.webmin.com/security.html Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/37648 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/37259 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3457 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.webmin.com/security.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For webmin's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.