Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
2014-07-20T11:12:50.527
2025-04-12T10:46:40.837
Deferred
CVSSv2: 2.6 (LOW)
AV:N/AC:H/Au:N/C:N/I:P/A:N
4.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | webmin | webmin | ≤ 1.680 | Yes |
| Application | webmin | webmin | 1.600 | Yes |
| Application | webmin | webmin | 1.610 | Yes |
| Application | webmin | webmin | 1.620 | Yes |
| Application | webmin | webmin | 1.630 | Yes |
| Application | webmin | webmin | 1.640 | Yes |
| Application | webmin | webmin | 1.650 | Yes |
| Application | webmin | webmin | 1.660 | Yes |
| Application | webmin | webmin | 1.670 | Yes |