Webmin chooser.cgi Cross-Site Scripting (< 1.330)
Medium Nessus Plugin ID 108541
SynopsisThe remote web server is affected by a script injection vulnerability.
DescriptionThe version of Webmin installed on the remote host is older than 1.330. It is, therefore, affected by multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi. These flaws allow remote attackers to inject arbitrary web script or HTML via a crafted filename. Note that Nessus has relied on the self-reported version of the sofware from either the index page or the Server header.
SolutionUpgrade to Webmin version 1.330 or later.