Webmin / Usermin Login Cross Site Scripting Vulnerability CVE-2002-0756

Why do I get this Webmin / Usermin Login Cross Site Scripting Vulnerability CVE-2002-0756?
Webmin is current.
How do I stop it?

Thanks for reaching out. The VT (OID: 1.3.6.1.4.1.25623.1.0.802258) got an update and will be available in one of the next feed updates.

Let us know if you still have any problems regarding this VT.

2 Likes

A short note on this question:

> How do I stop it?

Unfortunately, such aged “active” XSS VTs (this one was from 2011) often have insufficient response checks to fully / reliably check the related flaws.

While quite a lot of work has already been done in recent years to make them more reliable, it’s always possible that some have slipped through, so all you can currently do is to make a posting like this to make us aware of such candidates which require an update.

And again, thanks a lot for your posting :+1:

2 Likes

Hi, I had the same result, and it seems that the Webmin configuration for the “Auto-logout” option was not allowed. After enabling this feature, the Cross Site Scripting was not detected. Please double-check the recommended settings from the official Webmin sites for “referers_none=1 to /etc/webmin/config” in the Webmin configuration.

Related Webmin option:
Webmin-configuration/Authentication - Authentication-option.