Description
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by prophecy · textlocallinux
https://www.exploit-db.com/exploits/21348
References (3)
Core 3
Core References
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4329
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8596
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/263181
Scores
EPSS
0.0029
EPSS Percentile
52.6%
Details
Status
published
Products (25)
webmin/webmin
0.1
webmin/webmin
0.2
webmin/webmin
0.3
webmin/webmin
0.4
webmin/webmin
0.5
webmin/webmin
0.6
webmin/webmin
0.7
webmin/webmin
0.21
webmin/webmin
0.22
webmin/webmin
0.31
... and 15 more
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026