Lucene search

[email protected]CVE-2022-36446

HistoryJul 25, 2022 - 6:15 a.m.

CVE-2022-36446

2022-07-2506:15:07

CWE-116

[email protected]

web.nvd.nist.gov

244

cve-2022-36446

software

apt-lib.pl

webmin

html escaping

ui command

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.969 High

EPSS

Percentile

99.7%

JSON

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

Affected configurations

NVD

Node

webminwebminRange<1.997

CPENameOperatorVersion
webmin:webminwebminlt1.997

CPE	Name	Operator	Version
webmin:webmin	webmin	lt	1.997

References

packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html

packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html

gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b

github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde

github.com/webmin/webmin/compare/1.996...1.997

www.exploit-db.com/exploits/50998

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.969 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2022-36446

nuclei1 nessus1 githubexploit1 openvas1 zdt1 cvelist1 packetstorm2 prion1 osv1 nvd1 metasploit1 exploitdb1 checkpoint_advisories1 rapid7blog1