Tested on Webmin 1.390

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Tested on Webmin 1.390
From: no-reply@xxxxxxxxxxxxxxxxx
Date: 6 Feb 2008 05:18:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Aria-Security Team (Persian Security Network)
http://Aria-Security.Net
----------------------------------
Tested on Webmin 1.390 Cross Site Scripting

This vuln was tested on Webmin as an administrator account (root) 
and it has worked on the search section (file) of the system.

Value Inserted:
"><script>alert('Discovered By Aria-Security')</script>

Regards,
Aria-Security Team (Persian Security Network)
The-0utl4w
Credits Goes to Aria-Security Team
----------------------------------
for more info visit:
http://forum.aria-security.net/forumdisplay.php?f=60

Prev by Date: [SECURITY] [DSA 1482-1] New squid packages fix denial of service
Next by Date: [security bulletin] HPSBGN02310 SSRT080007 rev.1 - HP Virtual Rooms Running on Windows, Remote Execution of Arbitrary Code
Previous by thread: [SECURITY] [DSA 1482-1] New squid packages fix denial of service
Next by thread: Re: Tested on Webmin 1.390
Index(es):
- Date
- Thread