CVE-2024-36453

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36453

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36453.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36453

Published

2024-07-10T07:15:03.177Z

Modified

2025-12-02T22:56:22.148054Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed.

References

Affected packages

Git / github.com/webmin/usermin

Affected ranges

Type: GIT
Repo: https://github.com/webmin/usermin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

98e87ce0789744958eff95e1b9f1905925692a62

Affected versions

1.*

1.803

1.810

1.812

Git / github.com/webmin/webmin

Affected ranges

Type: GIT
Repo: https://github.com/webmin/webmin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d2b43d2eaa12f50c95f908c1b178f01a6d1275d4

Affected versions

1.*

1.700

1.710

1.720

1.730

1.740

1.750

1.760

1.770

1.780

1.790

1.800

1.801

1.810