← Back

CVE-2006-4542

nvd nist
Published: Sep 5, 2006Modified: Apr 16, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

Affected (92)

Products: Usermin: Usermin · Webmin: Webmin
Usermin
1 product
Usermin
Webmin
1 product
Webmin
Configuration A
92 vulnerable
Vulnerable SoftwareAffected Versions
Usermin
Usermin
Up to 1.220
Usermin
Version 0.4
Usermin
Version 0.5
Usermin
Version 0.6
Usermin
Version 0.7
Usermin
Version 0.8
Usermin
Version 0.91
Usermin
Version 0.92
Usermin
Version 0.93
Usermin
Version 0.94
Usermin
Version 0.95
Usermin
Version 0.96
Usermin
Version 0.97
Usermin
Version 0.98
Usermin
Version 0.99
Usermin
Version 0.9
Usermin
Version 1.000
Usermin
Version 1.010
Usermin
Version 1.020
Usermin
Version 1.030
Usermin
Version 1.040
Usermin
Version 1.051
Usermin
Version 1.060
Usermin
Version 1.070
Usermin
Version 1.080
Usermin
Version 1.090
Usermin
Version 1.100
Usermin
Version 1.110
Usermin
Version 1.120
Usermin
Version 1.130
Usermin
Version 1.140
Usermin
Version 1.150
Usermin
Version 1.210
Webmin
Webmin
Up to 1.2.90
Webmin
Version 0.1
Webmin
Version 0.21
Webmin
Version 0.22
Webmin
Version 0.2
Webmin
Version 0.31
Webmin
Version 0.3
Webmin
Version 0.41
Webmin
Version 0.42
Webmin
Version 0.4
Webmin
Version 0.51
Webmin
Version 0.5
Webmin
Version 0.6
Webmin
Version 0.76
Webmin
Version 0.77
Webmin
Version 0.78
Webmin
Version 0.79
Webmin
Version 0.7
Webmin
Version 0.80
Webmin
Version 0.83
Webmin
Version 0.84
Webmin
Version 0.85
Webmin
Version 0.88
Webmin
Version 0.90
Webmin
Version 0.91
Webmin
Version 0.92.1
Webmin
Version 0.92
Webmin
Version 0.93
Webmin
Version 0.94
Webmin
Version 0.95
Webmin
Version 0.96
Webmin
Version 0.97
Webmin
Version 0.98
Webmin
Version 0.99
Webmin
Version 1.0.00
Webmin
Version 1.0.10
Webmin
Version 1.0.20
Webmin
Version 1.0.30
Webmin
Version 1.0.40
Webmin
Version 1.0.50
Webmin
Version 1.0.51
Webmin
Version 1.0.60
Webmin
Version 1.0.70
Webmin
Version 1.0.80
Webmin
Version 1.0.90
Webmin
Version 1.1.00
Webmin
Version 1.1.10
Webmin
Version 1.1.20
Webmin
Version 1.1.21
Webmin
Version 1.1.30
Webmin
Version 1.1.40
Webmin
Version 1.1.50
Webmin
Version 1.2.20
Webmin
Version 1.2.30
Webmin
Version 1.2.40
Webmin
Version 1.2.50
Webmin
Version 1.2.60
Webmin
Version 1.2.70
Webmin
Version 1.2.80

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (32)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.