Exploit for #VU52551 Cross-site scripting in Webmin

Exploit for #VU52551 Cross-site scripting in Webmin

Published: 2021-04-25 | Updated: 2021-11-25

Vulnerability identifier: #VU52551

Vulnerability risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-31761

CWE-ID: CWE-79

Exploitation vector: Network

Exploits in database: 2

November 25, 2021
- Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery (CSRF) [Exploit-DB]
April 25, 2021
- CVE-2021-31761 (Exploiting a Reflected Cross-Site Scripting (XSS) attack to get a Remote Command Execution (RCE) through the Webmin's running process feature) [Github]

Impact: Information disclosure and data manipulation

Vulnerable software:
Webmin
Web applications / Remote management & hosting panels

Vendor: Webmin