CVE-2007-3156 Detail

CVE-2007-3156

CVE Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	4.3		AV:N/AC:M/Au:N/C:N/I:P/A:N	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Webmin>>Usermin >> Version To (including) 1.280

Webmin>>Usermin >> Version 0.4 (Open CPE detail)
Webmin>>Usermin >> Version 0.5 (Open CPE detail)
Webmin>>Usermin >> Version 0.6 (Open CPE detail)
Webmin>>Usermin >> Version 0.7 (Open CPE detail)
Webmin>>Usermin >> Version 0.80 (Open CPE detail)
Webmin>>Usermin >> Version 0.90 (Open CPE detail)
Webmin>>Usermin >> Version 0.910 (Open CPE detail)
Webmin>>Usermin >> Version 0.929 (Open CPE detail)
Webmin>>Usermin >> Version 0.930 (Open CPE detail)
Webmin>>Usermin >> Version 0.940 (Open CPE detail)
Webmin>>Usermin >> Version 0.950 (Open CPE detail)
Webmin>>Usermin >> Version 0.960 (Open CPE detail)
Webmin>>Usermin >> Version 0.970 (Open CPE detail)
Webmin>>Usermin >> Version 0.980 (Open CPE detail)
Webmin>>Usermin >> Version 0.990 (Open CPE detail)
Webmin>>Usermin >> Version 1.000 (Open CPE detail)
Webmin>>Usermin >> Version 1.010 (Open CPE detail)
Webmin>>Usermin >> Version 1.020 (Open CPE detail)
Webmin>>Usermin >> Version 1.030 (Open CPE detail)
Webmin>>Usermin >> Version 1.040 (Open CPE detail)
Webmin>>Usermin >> Version 1.050 (Open CPE detail)
Webmin>>Usermin >> Version 1.051 (Open CPE detail)
Webmin>>Usermin >> Version 1.060 (Open CPE detail)
Webmin>>Usermin >> Version 1.070 (Open CPE detail)
Webmin>>Usermin >> Version 1.080 (Open CPE detail)
Webmin>>Usermin >> Version 1.090 (Open CPE detail)
Webmin>>Usermin >> Version 1.100 (Open CPE detail)
Webmin>>Usermin >> Version 1.110 (Open CPE detail)
Webmin>>Usermin >> Version 1.120 (Open CPE detail)
Webmin>>Usermin >> Version 1.130 (Open CPE detail)
Webmin>>Usermin >> Version 1.140 (Open CPE detail)
Webmin>>Usermin >> Version 1.150 (Open CPE detail)
Webmin>>Usermin >> Version 1.160 (Open CPE detail)
Webmin>>Usermin >> Version 1.170 (Open CPE detail)
Webmin>>Usermin >> Version 1.180 (Open CPE detail)
Webmin>>Usermin >> Version 1.190 (Open CPE detail)
Webmin>>Usermin >> Version 1.200 (Open CPE detail)
Webmin>>Usermin >> Version 1.210 (Open CPE detail)
Webmin>>Usermin >> Version 1.220 (Open CPE detail)
Webmin>>Usermin >> Version 1.230 (Open CPE detail)
Webmin>>Usermin >> Version 1.240 (Open CPE detail)
Webmin>>Usermin >> Version 1.250 (Open CPE detail)
Webmin>>Usermin >> Version 1.260 (Open CPE detail)
Webmin>>Usermin >> Version 1.270 (Open CPE detail)
Webmin>>Usermin >> Version 1.280 (Open CPE detail)

Webmin>>Webmin >> Version To (including) 1.340

Webmin>>Webmin >> Version 0.1 (Open CPE detail)
Webmin>>Webmin >> Version 0.2 (Open CPE detail)
Webmin>>Webmin >> Version 0.3 (Open CPE detail)
Webmin>>Webmin >> Version 0.4 (Open CPE detail)
Webmin>>Webmin >> Version 0.5 (Open CPE detail)
Webmin>>Webmin >> Version 0.21 (Open CPE detail)
Webmin>>Webmin >> Version 0.22 (Open CPE detail)
Webmin>>Webmin >> Version 0.31 (Open CPE detail)
Webmin>>Webmin >> Version 0.41 (Open CPE detail)
Webmin>>Webmin >> Version 0.42 (Open CPE detail)
Webmin>>Webmin >> Version 0.51 (Open CPE detail)
Webmin>>Webmin >> Version 0.52 (Open CPE detail)
Webmin>>Webmin >> Version 0.53 (Open CPE detail)
Webmin>>Webmin >> Version 0.54 (Open CPE detail)
Webmin>>Webmin >> Version 0.60 (Open CPE detail)
Webmin>>Webmin >> Version 0.61 (Open CPE detail)
Webmin>>Webmin >> Version 0.62 (Open CPE detail)
Webmin>>Webmin >> Version 0.63 (Open CPE detail)
Webmin>>Webmin >> Version 0.64 (Open CPE detail)
Webmin>>Webmin >> Version 0.65 (Open CPE detail)
Webmin>>Webmin >> Version 0.70 (Open CPE detail)
Webmin>>Webmin >> Version 0.71 (Open CPE detail)
Webmin>>Webmin >> Version 0.72 (Open CPE detail)
Webmin>>Webmin >> Version 0.73 (Open CPE detail)
Webmin>>Webmin >> Version 0.74 (Open CPE detail)
Webmin>>Webmin >> Version 0.75 (Open CPE detail)
Webmin>>Webmin >> Version 0.76 (Open CPE detail)
Webmin>>Webmin >> Version 0.77 (Open CPE detail)
Webmin>>Webmin >> Version 0.78 (Open CPE detail)
Webmin>>Webmin >> Version 0.79 (Open CPE detail)
Webmin>>Webmin >> Version 0.80 (Open CPE detail)
Webmin>>Webmin >> Version 0.81 (Open CPE detail)
Webmin>>Webmin >> Version 0.82 (Open CPE detail)
Webmin>>Webmin >> Version 0.83 (Open CPE detail)
Webmin>>Webmin >> Version 0.84 (Open CPE detail)
Webmin>>Webmin >> Version 0.85 (Open CPE detail)
Webmin>>Webmin >> Version 0.86 (Open CPE detail)
Webmin>>Webmin >> Version 0.87 (Open CPE detail)
Webmin>>Webmin >> Version 0.88 (Open CPE detail)
Webmin>>Webmin >> Version 0.89 (Open CPE detail)
Webmin>>Webmin >> Version 0.90 (Open CPE detail)
Webmin>>Webmin >> Version 0.91 (Open CPE detail)
Webmin>>Webmin >> Version 0.92 (Open CPE detail)
Webmin>>Webmin >> Version 0.93 (Open CPE detail)
Webmin>>Webmin >> Version 0.94 (Open CPE detail)
Webmin>>Webmin >> Version 0.950 (Open CPE detail)
Webmin>>Webmin >> Version 0.960 (Open CPE detail)
Webmin>>Webmin >> Version 0.970 (Open CPE detail)
Webmin>>Webmin >> Version 0.980 (Open CPE detail)
Webmin>>Webmin >> Version 0.990 (Open CPE detail)
Webmin>>Webmin >> Version 1.000 (Open CPE detail)
Webmin>>Webmin >> Version 1.020 (Open CPE detail)
Webmin>>Webmin >> Version 1.030 (Open CPE detail)
Webmin>>Webmin >> Version 1.040 (Open CPE detail)
Webmin>>Webmin >> Version 1.050 (Open CPE detail)
Webmin>>Webmin >> Version 1.060 (Open CPE detail)
Webmin>>Webmin >> Version 1.070 (Open CPE detail)
Webmin>>Webmin >> Version 1.080 (Open CPE detail)
Webmin>>Webmin >> Version 1.090 (Open CPE detail)
Webmin>>Webmin >> Version 1.100 (Open CPE detail)
Webmin>>Webmin >> Version 1.110 (Open CPE detail)
Webmin>>Webmin >> Version 1.120 (Open CPE detail)
Webmin>>Webmin >> Version 1.121 (Open CPE detail)
Webmin>>Webmin >> Version 1.130 (Open CPE detail)
Webmin>>Webmin >> Version 1.140 (Open CPE detail)
Webmin>>Webmin >> Version 1.150 (Open CPE detail)
Webmin>>Webmin >> Version 1.160 (Open CPE detail)
Webmin>>Webmin >> Version 1.170 (Open CPE detail)
Webmin>>Webmin >> Version 1.180 (Open CPE detail)
Webmin>>Webmin >> Version 1.190 (Open CPE detail)
Webmin>>Webmin >> Version 1.200 (Open CPE detail)
Webmin>>Webmin >> Version 1.210 (Open CPE detail)
Webmin>>Webmin >> Version 1.220 (Open CPE detail)
Webmin>>Webmin >> Version 1.230 (Open CPE detail)
Webmin>>Webmin >> Version 1.240 (Open CPE detail)
Webmin>>Webmin >> Version 1.250 (Open CPE detail)
Webmin>>Webmin >> Version 1.260 (Open CPE detail)
Webmin>>Webmin >> Version 1.270 (Open CPE detail)
Webmin>>Webmin >> Version 1.280 (Open CPE detail)
Webmin>>Webmin >> Version 1.290 (Open CPE detail)
Webmin>>Webmin >> Version 1.300 (Open CPE detail)
Webmin>>Webmin >> Version 1.310 (Open CPE detail)
Webmin>>Webmin >> Version 1.320 (Open CPE detail)
Webmin>>Webmin >> Version 1.330 (Open CPE detail)
Webmin>>Webmin >> Version 1.340 (Open CPE detail)

References

http://www.webmin.com/security.html
Tags : x_refsource_CONFIRM

http://secunia.com/advisories/25785
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/2117
Tags : vdb-entry, x_refsource_VUPEN

http://www.securityfocus.com/bid/24381
Tags : vdb-entry, x_refsource_BID

http://www.webmin.com/changes-1.350.html
Tags : x_refsource_CONFIRM

http://security.gentoo.org/glsa/glsa-200707-05.xml
Tags : vendor-advisory, x_refsource_GENTOO

http://secunia.com/advisories/25580
Tags : third-party-advisory, x_refsource_SECUNIA

http://osvdb.org/36932
Tags : vdb-entry, x_refsource_OSVDB

http://www.mandriva.com/security/advisories?name=MDKSA-2007:135
Tags : vendor-advisory, x_refsource_MANDRIVA

http://secunia.com/advisories/25956
Tags : third-party-advisory, x_refsource_SECUNIA

CVE-2007-3156 : Detail