CVE-2007-1276

Webmin <1.330, Usermin <1.260 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.

References (7)

[Third Party Advisory, VDB Entry] http://osvdb.org/33832

[Vendor Advisory] http://secunia.com/advisories/24321

[Vendor Advisory] http://www.vupen.com/english/advisories/2007/0780

[Various Sources] http://www.webmin.com/changes-1.330.html

[Various Sources] http://www.webmin.com/security.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/32725

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1017711

Scores

EPSS 0.0026

EPSS Percentile 48.9%

Classification

CWE

CWE-352

Status draft

Affected Products (44)

usermin/usermin

... and 29 more

Timeline

Published Mar 05, 2007

Tracked Since Feb 18, 2026