Usermin

by Webmin

CVEs (23)

  • CVE-2016-4897 Med Apr 12, 2017
    risk 0.40 cvss 6.1 epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.

  • CVE-2024-44762 Oct 16, 2024
    risk 0.04 cvss epss 0.03

    A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.

  • CVE-2024-36453 Jul 10, 2024
    risk 0.00 cvss epss 0.00

    Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the…

  • CVE-2023-41156 Sep 14, 2023
    risk 0.00 cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.

  • CVE-2023-41155 Sep 13, 2023
    risk 0.00 cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.

  • CVE-2023-41154 Sep 13, 2023
    risk 0.00 cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.

  • CVE-2023-41163 Aug 30, 2023
    risk 0.00 cvss epss 0.00

    A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.

  • CVE-2023-41153 Aug 29, 2023
    risk 0.00 cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.

  • CVE-2022-36880 Jul 27, 2022
    risk 0.00 cvss epss 0.01

    The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.

  • CVE-2014-3884 Jul 20, 2014
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

  • CVE-2014-3883 Jun 21, 2014
    risk 0.00 cvss epss 0.01

    Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.

  • CVE-2014-3924 May 30, 2014
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.

  • CVE-2009-4568 Jan 5, 2010
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-0720 Feb 12, 2008
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a…

  • CVE-2007-3156 Jun 11, 2007
    risk 0.00 cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained…

  • CVE-2007-1276 Mar 5, 2007
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.

  • CVE-2006-4542 Sep 5, 2006
    risk 0.00 cvss epss 0.03

    Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

  • CVE-2005-3042 Sep 22, 2005
    risk 0.00 cvss epss 0.04

    miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

  • CVE-2005-1177 May 2, 2005
    risk 0.00 cvss epss 0.02

    Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.

  • CVE-2004-1468 Dec 31, 2004
    risk 0.00 cvss epss 0.04

    The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
