{"vuid":"VU#381692","idnumber":"381692","name":"Webmin contains a cross-site scripting vulnerability","keywords":["webmin","xss","cross-site scripting","cwe-79"],"overview":"Webmin 1.670, and possibly earlier versions, contains a cross-site scripting vulnerability.","clean_desc":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Webmin 1.670, and possibly earlier versions, contains a cross-site scripting vulnerability in the \"search\" parameter of the view.cgi page.","impact":"A remote attacker that is able to trick a user in to visiting a specially crafted URL may be able to conduct a cross-site scripting attack. This attack may result in information leakage, privilege escalation, and/or denial of service.","resolution":"Apply an Update Webmin 1.680 addresses this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to William Costa for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.webmin.com/changes.html","http://www.webmin.com/download.html"],"cveids":["CVE-2014-0339"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-02-17T19:47:39Z","publicdate":"2014-03-14T00:00:00Z","datefirstpublished":"2014-03-14T21:06:49Z","dateupdated":"2014-03-14T21:06:49Z","revision":7,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.3","cvss_basevector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","cvss_temporalscore":"3.4","cvss_environmentalscore":"2.52290112102","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}