Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Webmin脚本代码输入验证漏洞
Vulnerability Description
Webmin是一款基于WEB接口的Unix和Linux操作系统管理程序。 Webmin对显示在WEB接口的输出没有很好过滤脚本代码,可导致恶意脚本代码被执行。 Webmin对一些系统文件等输出显示到WEB接口缺少充分的过滤,可以攻击者更改这些文件内容,当ROOT用户浏览时被执行,另外,攻击者也可以在其他类型输出里插入恶意Javascript代码,当ROOT用户浏览此链接的时候,导致脚本代码在ROOT用户浏览器上执行,泄露基于COOKIE认证的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A