CVE-2024-36453

6.1 MEDIUM

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in Webmin and Usermin's session_login.cgi that allows attackers to inject malicious scripts. When exploited, these scripts execute in victims' browsers, potentially stealing credentials or altering webpages. Users of Webmin before version 1.970 or Usermin before version 1.820 are affected.

💻 Affected Systems

Products:
  • Webmin
  • Usermin
Versions: Webmin < 1.970, Usermin < 1.820
Operating Systems: All supported OS (Linux, Unix, Windows)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the session_login.cgi component; vulnerable in default installations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers steal administrator credentials, gain full control of the Webmin/Usermin server, and compromise the underlying system.

🟠 Likely Case: Session hijacking, credential theft from logged-in users, or defacement of the Webmin/Usermin interface.

🟢 If Mitigated: Limited impact if proper input validation and output encoding are implemented, though XSS could still expose session data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (e.g., clicking a malicious link) but is straightforward once the XSS payload is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Webmin 1.970, Usermin 1.820

Vendor Advisory: https://webmin.com/

Restart Required: No

Instructions:

1. Backup your Webmin/Usermin configuration.
2. Update Webmin to version 1.970 or later via the built-in updater or package manager.
3. Update Usermin to version 1.820 or later similarly.
4. Verify the update by checking the version in the web interface.

🔧 Temporary Workarounds

Input Sanitization via Webmin Configuration

Implement custom input validation filters in Webmin to sanitize user inputs in session_login.cgi.

Edit /etc/webmin/config or relevant configuration files to add input filtering rules (specifics depend on setup).

🧯 If You Can't Patch

  • Restrict access to Webmin/Usermin to trusted IP addresses using firewall rules.
  • Implement a web application firewall (WAF) to block XSS payloads.

🔍 How to Verify

Check if Vulnerable:

Check the Webmin or Usermin version via the web interface or command line; versions below 1.970 for Webmin or 1.820 for Usermin are vulnerable.

Check Version:

For Webmin: cat /etc/webmin/version or check via web interface. For Usermin: similar command or web interface check.

Verify Fix Applied:

Confirm the version is Webmin 1.970+ or Usermin 1.820+ and test the session_login.cgi endpoint with safe XSS payloads to ensure they are sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to session_login.cgi with script tags or JavaScript payloads in logs.
  • Failed login attempts followed by suspicious redirects or script injections.

Network Indicators:

  • HTTP requests containing malicious scripts targeting the session_login.cgi endpoint.
  • Unexpected outbound connections from the Webmin/Usermin server post-exploitation.

SIEM Query:

source="webmin_logs" AND (url="*session_login.cgi*" AND (content="*<script>*" OR content="*javascript:*"))
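As an added defensive example (not code from the original page), the following Python function applies the log indicators above to a few constructed access-log lines. It percent-decodes the request URL before matching, because a literal match on "<script>" such as the SIEM query above would miss an encoded payload; the log format, field layout and sample addresses are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in a common CLF-style layout (not real data).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /session_login.cgi HTTP/1.1" 200 512
203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "GET /session_login.cgi?page=<script>alert(1)</script> HTTP/1.1" 200 640
203.0.113.9 - - [10/Jun/2024:12:00:03 +0000] "GET /session_login.cgi?page=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 640
203.0.113.9 - - [10/Jun/2024:12:00:04 +0000] "GET /index.cgi?x=<script> HTTP/1.1" 200 100
"""

# Request line inside the quoted part of each log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/\d\.\d"')
# The two indicator strings named in the Log Indicators section above.
XSS_RE = re.compile(r'<\s*script|javascript:', re.IGNORECASE)


def suspicious_requests(log_text):
    """Return (line_number, method, decoded_url) for requests to
    session_login.cgi whose decoded URL contains an XSS indicator."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = m.group("url")
        # Only the path (before '?') decides whether this targets session_login.cgi.
        if "session_login.cgi" not in url.split("?", 1)[0]:
            continue
        # Decode twice so single- and double-percent-encoded payloads both surface.
        decoded = unquote(unquote(url))
        if XSS_RE.search(decoded):
            hits.append((lineno, m.group("method"), decoded))
    return hits


if __name__ == "__main__":
    for lineno, method, url in suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: {method} {url}")
```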
