CVE-2014-3884 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
jpcert	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Vendor	Product	Version
webmin	usermin	𝑥 ≤ 1.590
webmin	usermin	0.4
webmin	usermin	0.5
webmin	usermin	0.6
webmin	usermin	0.7
webmin	usermin	0.80
webmin	usermin	0.90
webmin	usermin	0.910
webmin	usermin	0.929
webmin	usermin	0.930
webmin	usermin	0.940
webmin	usermin	0.950
webmin	usermin	0.960
webmin	usermin	0.970
webmin	usermin	0.980
webmin	usermin	0.990
webmin	usermin	1.000
webmin	usermin	1.010
webmin	usermin	1.020
webmin	usermin	1.030
webmin	usermin	1.040
webmin	usermin	1.050
webmin	usermin	1.051
webmin	usermin	1.060
webmin	usermin	1.070
webmin	usermin	1.080
webmin	usermin	1.090
webmin	usermin	1.100
webmin	usermin	1.110
webmin	usermin	1.120
webmin	usermin	1.130
webmin	usermin	1.140
webmin	usermin	1.150
webmin	usermin	1.160
webmin	usermin	1.170
webmin	usermin	1.180
webmin	usermin	1.190
webmin	usermin	1.200
webmin	usermin	1.210
webmin	usermin	1.220
webmin	usermin	1.230
webmin	usermin	1.240
webmin	usermin	1.250
webmin	usermin	1.260
webmin	usermin	1.270
webmin	usermin	1.280
webmin	usermin	1.290
webmin	usermin	1.300
webmin	usermin	1.310
webmin	usermin	1.320
webmin	usermin	1.330
webmin	usermin	1.340
webmin	usermin	1.350
webmin	usermin	1.360
webmin	usermin	1.370
webmin	usermin	1.380
webmin	usermin	1.390
webmin	usermin	1.400
webmin	usermin	1.410
webmin	usermin	1.420
webmin	usermin	1.430
webmin	usermin	1.440
webmin	usermin	1.450
webmin	usermin	1.460
webmin	usermin	1.470
webmin	usermin	1.480
webmin	usermin	1.490
webmin	usermin	1.500
webmin	usermin	1.510
webmin	usermin	1.520
webmin	usermin	1.530
webmin	usermin	1.540
webmin	usermin	1.550
webmin	usermin	1.560
webmin	usermin	1.570
webmin	usermin	1.580

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://jvn.jp/en/jp/JVN92737498/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000058

http://jvn.jp/en/jp/JVN92737498/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000058