What is GHSA-2rpj-3356-c2rw?

GHSA-2rpj-3356-c2rw is a security advisory published by GitHub Security Advisories with Medium severity. Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed...

Which CVE IDs does GHSA-2rpj-3356-c2rw cover?

GHSA-2rpj-3356-c2rw covers the following CVE IDs: CVE-2026-49102. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-2rpj-3356-c2rw?

GHSA-2rpj-3356-c2rw has a CVSS v3 base score of 6.1, published by GitHub Security Advisories.

GHSA-2rpj-3356-c2rwMediumCVSS 6.1

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-49102 →

📋 Description

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-49102
https://github.com/webmin/webmin/commit/cf432879a14568c4bb44cd2f9e5a9bd0e168edc1
https://github.com/webmin/webmin/compare/2.630...2.640
https://github.com/advisories/GHSA-2rpj-3356-c2rw