Medium severity6.1NVD Advisory· Published Jul 4, 2017· Updated May 13, 2026

CVE-2017-9313

Description

Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.

Affected products

Webmin/Webmin
cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
Range: <=1.840

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1abnvdPatchThird Party Advisory
github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1bnvdPatchThird Party Advisory
seclists.org/bugtraq/2017/Jul/3nvdExploitThird Party Advisory
www.securityfocus.com/bid/99373nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038814nvdThird Party AdvisoryVDB Entry
www.webmin.com/changes.htmlnvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000