CVE-2014-3886 Detail

CVE-2014-3886

CVE Descriptions

Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	2.6		AV:N/AC:H/Au:N/C:N/I:P/A:N	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Webmin>>Webmin >> Version To (including) 1.680

Webmin>>Webmin >> Version 0.1 (Open CPE detail)
Webmin>>Webmin >> Version 0.2 (Open CPE detail)
Webmin>>Webmin >> Version 0.3 (Open CPE detail)
Webmin>>Webmin >> Version 0.4 (Open CPE detail)
Webmin>>Webmin >> Version 0.5 (Open CPE detail)
Webmin>>Webmin >> Version 0.21 (Open CPE detail)
Webmin>>Webmin >> Version 0.22 (Open CPE detail)
Webmin>>Webmin >> Version 0.31 (Open CPE detail)
Webmin>>Webmin >> Version 0.41 (Open CPE detail)
Webmin>>Webmin >> Version 0.42 (Open CPE detail)
Webmin>>Webmin >> Version 0.51 (Open CPE detail)
Webmin>>Webmin >> Version 0.52 (Open CPE detail)
Webmin>>Webmin >> Version 0.53 (Open CPE detail)
Webmin>>Webmin >> Version 0.54 (Open CPE detail)
Webmin>>Webmin >> Version 0.60 (Open CPE detail)
Webmin>>Webmin >> Version 0.61 (Open CPE detail)
Webmin>>Webmin >> Version 0.62 (Open CPE detail)
Webmin>>Webmin >> Version 0.63 (Open CPE detail)
Webmin>>Webmin >> Version 0.64 (Open CPE detail)
Webmin>>Webmin >> Version 0.65 (Open CPE detail)
Webmin>>Webmin >> Version 0.70 (Open CPE detail)
Webmin>>Webmin >> Version 0.71 (Open CPE detail)
Webmin>>Webmin >> Version 0.72 (Open CPE detail)
Webmin>>Webmin >> Version 0.73 (Open CPE detail)
Webmin>>Webmin >> Version 0.74 (Open CPE detail)
Webmin>>Webmin >> Version 0.75 (Open CPE detail)
Webmin>>Webmin >> Version 0.76 (Open CPE detail)
Webmin>>Webmin >> Version 0.77 (Open CPE detail)
Webmin>>Webmin >> Version 0.78 (Open CPE detail)
Webmin>>Webmin >> Version 0.79 (Open CPE detail)
Webmin>>Webmin >> Version 0.80 (Open CPE detail)
Webmin>>Webmin >> Version 0.81 (Open CPE detail)
Webmin>>Webmin >> Version 0.82 (Open CPE detail)
Webmin>>Webmin >> Version 0.83 (Open CPE detail)
Webmin>>Webmin >> Version 0.84 (Open CPE detail)
Webmin>>Webmin >> Version 0.85 (Open CPE detail)
Webmin>>Webmin >> Version 0.86 (Open CPE detail)
Webmin>>Webmin >> Version 0.87 (Open CPE detail)
Webmin>>Webmin >> Version 0.88 (Open CPE detail)
Webmin>>Webmin >> Version 0.89 (Open CPE detail)
Webmin>>Webmin >> Version 0.90 (Open CPE detail)
Webmin>>Webmin >> Version 0.91 (Open CPE detail)
Webmin>>Webmin >> Version 0.92 (Open CPE detail)
Webmin>>Webmin >> Version 0.93 (Open CPE detail)
Webmin>>Webmin >> Version 0.94 (Open CPE detail)
Webmin>>Webmin >> Version 0.950 (Open CPE detail)
Webmin>>Webmin >> Version 0.960 (Open CPE detail)
Webmin>>Webmin >> Version 0.970 (Open CPE detail)
Webmin>>Webmin >> Version 0.980 (Open CPE detail)
Webmin>>Webmin >> Version 0.990 (Open CPE detail)
Webmin>>Webmin >> Version 1.000 (Open CPE detail)
Webmin>>Webmin >> Version 1.020 (Open CPE detail)
Webmin>>Webmin >> Version 1.030 (Open CPE detail)
Webmin>>Webmin >> Version 1.040 (Open CPE detail)
Webmin>>Webmin >> Version 1.050 (Open CPE detail)
Webmin>>Webmin >> Version 1.060 (Open CPE detail)
Webmin>>Webmin >> Version 1.070 (Open CPE detail)
Webmin>>Webmin >> Version 1.080 (Open CPE detail)
Webmin>>Webmin >> Version 1.090 (Open CPE detail)
Webmin>>Webmin >> Version 1.100 (Open CPE detail)
Webmin>>Webmin >> Version 1.110 (Open CPE detail)
Webmin>>Webmin >> Version 1.120 (Open CPE detail)
Webmin>>Webmin >> Version 1.121 (Open CPE detail)
Webmin>>Webmin >> Version 1.130 (Open CPE detail)
Webmin>>Webmin >> Version 1.140 (Open CPE detail)
Webmin>>Webmin >> Version 1.150 (Open CPE detail)
Webmin>>Webmin >> Version 1.160 (Open CPE detail)
Webmin>>Webmin >> Version 1.170 (Open CPE detail)
Webmin>>Webmin >> Version 1.180 (Open CPE detail)
Webmin>>Webmin >> Version 1.190 (Open CPE detail)
Webmin>>Webmin >> Version 1.200 (Open CPE detail)
Webmin>>Webmin >> Version 1.210 (Open CPE detail)
Webmin>>Webmin >> Version 1.220 (Open CPE detail)
Webmin>>Webmin >> Version 1.230 (Open CPE detail)
Webmin>>Webmin >> Version 1.240 (Open CPE detail)
Webmin>>Webmin >> Version 1.250 (Open CPE detail)
Webmin>>Webmin >> Version 1.260 (Open CPE detail)
Webmin>>Webmin >> Version 1.270 (Open CPE detail)
Webmin>>Webmin >> Version 1.280 (Open CPE detail)
Webmin>>Webmin >> Version 1.290 (Open CPE detail)
Webmin>>Webmin >> Version 1.300 (Open CPE detail)
Webmin>>Webmin >> Version 1.310 (Open CPE detail)
Webmin>>Webmin >> Version 1.320 (Open CPE detail)
Webmin>>Webmin >> Version 1.330 (Open CPE detail)
Webmin>>Webmin >> Version 1.340 (Open CPE detail)
Webmin>>Webmin >> Version 1.350 (Open CPE detail)
Webmin>>Webmin >> Version 1.360 (Open CPE detail)
Webmin>>Webmin >> Version 1.370 (Open CPE detail)
Webmin>>Webmin >> Version 1.380 (Open CPE detail)
Webmin>>Webmin >> Version 1.390 (Open CPE detail)
Webmin>>Webmin >> Version 1.400 (Open CPE detail)
Webmin>>Webmin >> Version 1.410 (Open CPE detail)
Webmin>>Webmin >> Version 1.420 (Open CPE detail)
Webmin>>Webmin >> Version 1.430 (Open CPE detail)
Webmin>>Webmin >> Version 1.440 (Open CPE detail)
Webmin>>Webmin >> Version 1.441 (Open CPE detail)
Webmin>>Webmin >> Version 1.450 (Open CPE detail)
Webmin>>Webmin >> Version 1.460 (Open CPE detail)
Webmin>>Webmin >> Version 1.470 (Open CPE detail)
Webmin>>Webmin >> Version 1.480 (Open CPE detail)
Webmin>>Webmin >> Version 1.490 (Open CPE detail)
Webmin>>Webmin >> Version 1.500 (Open CPE detail)
Webmin>>Webmin >> Version 1.510 (Open CPE detail)
Webmin>>Webmin >> Version 1.520 (Open CPE detail)
Webmin>>Webmin >> Version 1.530 (Open CPE detail)
Webmin>>Webmin >> Version 1.540 (Open CPE detail)
Webmin>>Webmin >> Version 1.560 (Open CPE detail)
Webmin>>Webmin >> Version 1.570 (Open CPE detail)
Webmin>>Webmin >> Version 1.580 (Open CPE detail)
Webmin>>Webmin >> Version 1.590 (Open CPE detail)
Webmin>>Webmin >> Version 1.600 (Open CPE detail)
Webmin>>Webmin >> Version 1.610 (Open CPE detail)
Webmin>>Webmin >> Version 1.620 (Open CPE detail)
Webmin>>Webmin >> Version 1.630 (Open CPE detail)
Webmin>>Webmin >> Version 1.640 (Open CPE detail)
Webmin>>Webmin >> Version 1.650 (Open CPE detail)
Webmin>>Webmin >> Version 1.660 (Open CPE detail)
Webmin>>Webmin >> Version 1.670 (Open CPE detail)
Webmin>>Webmin >> Version 1.680 (Open CPE detail)

Webmin>>Webmin >> Version 1.600

Webmin>>Webmin >> Version 1.600 (Open CPE detail)

Webmin>>Webmin >> Version 1.610

Webmin>>Webmin >> Version 1.610 (Open CPE detail)

Webmin>>Webmin >> Version 1.620

Webmin>>Webmin >> Version 1.620 (Open CPE detail)

Webmin>>Webmin >> Version 1.630

Webmin>>Webmin >> Version 1.630 (Open CPE detail)

Webmin>>Webmin >> Version 1.640

Webmin>>Webmin >> Version 1.640 (Open CPE detail)

Webmin>>Webmin >> Version 1.650

Webmin>>Webmin >> Version 1.650 (Open CPE detail)

Webmin>>Webmin >> Version 1.660

Webmin>>Webmin >> Version 1.660 (Open CPE detail)

Webmin>>Webmin >> Version 1.670

Webmin>>Webmin >> Version 1.670 (Open CPE detail)

References

http://jvn.jp/en/jp/JVN02213197/index.html
Tags : third-party-advisory, x_refsource_JVN

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060
Tags : third-party-advisory, x_refsource_JVNDB

CVE-2014-3886 : Detail