An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability exists in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
RISK FACTOR: High
Affected Component - HTTP Tunnel functionality
Procedure for reproducing the issue:
1. Access the "Http Tunnel" feature through the "Tools" menu and insert the following URL: https://detectify-labs.s3.amazonaws.com/csp.html.
Blog Reference: https://labs.detectify.com/2015/05/28/building-an-xss-polyglot-through-swf-and-csp/