CVE-2022-3844

02.11.2022, 20:15

A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability.

Basic XSS

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.5 LOW	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VulDB	CNA	3.5 LOW				CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Vendor	Product	Version
webmin	webmin	2.001

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811

https://github.com/webmin/webmin/releases/tag/2.003

https://vuldb.com/?ctiid.212862

https://vuldb.com/?id.212862

https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811

https://github.com/webmin/webmin/releases/tag/2.003

https://vuldb.com/?ctiid.212862

https://vuldb.com/?id.212862