← Back

CVE-2014-3884

nvd nist
Published: Jul 20, 2014Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

Affected (76)

Products: Webmin: Usermin
Webmin
1 product
Usermin
Configuration A
76 vulnerable
Vulnerable SoftwareAffected Versions
Webmin
Usermin
Up to 1.590
Usermin
Version 0.4
Usermin
Version 0.5
Usermin
Version 0.6
Usermin
Version 0.7
Usermin
Version 0.80
Usermin
Version 0.90
Usermin
Version 0.910
Usermin
Version 0.929
Usermin
Version 0.930
Usermin
Version 0.940
Usermin
Version 0.950
Usermin
Version 0.960
Usermin
Version 0.970
Usermin
Version 0.980
Usermin
Version 0.990
Usermin
Version 1.000
Usermin
Version 1.010
Usermin
Version 1.020
Usermin
Version 1.030
Usermin
Version 1.040
Usermin
Version 1.050
Usermin
Version 1.051
Usermin
Version 1.060
Usermin
Version 1.070
Usermin
Version 1.080
Usermin
Version 1.090
Usermin
Version 1.100
Usermin
Version 1.110
Usermin
Version 1.120
Usermin
Version 1.130
Usermin
Version 1.140
Usermin
Version 1.150
Usermin
Version 1.160
Usermin
Version 1.170
Usermin
Version 1.180
Usermin
Version 1.190
Usermin
Version 1.200
Usermin
Version 1.210
Usermin
Version 1.220
Usermin
Version 1.230
Usermin
Version 1.240
Usermin
Version 1.250
Usermin
Version 1.260
Usermin
Version 1.270
Usermin
Version 1.280
Usermin
Version 1.290
Usermin
Version 1.300
Usermin
Version 1.310
Usermin
Version 1.320
Usermin
Version 1.330
Usermin
Version 1.340
Usermin
Version 1.350
Usermin
Version 1.360
Usermin
Version 1.370
Usermin
Version 1.380
Usermin
Version 1.390
Usermin
Version 1.400
Usermin
Version 1.410
Usermin
Version 1.420
Usermin
Version 1.430
Usermin
Version 1.440
Usermin
Version 1.450
Usermin
Version 1.460
Usermin
Version 1.470
Usermin
Version 1.480
Usermin
Version 1.490
Usermin
Version 1.500
Usermin
Version 1.510
Usermin
Version 1.520
Usermin
Version 1.530
Usermin
Version 1.540
Usermin
Version 1.550
Usermin
Version 1.560
Usermin
Version 1.570
Usermin
Version 1.580

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: vultures@jpcert.or.jp
Vendor Advisory
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.