Usermin
by Webmin
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4897 | Med | 0.40 | 6.1 | 0.01 | Apr 12, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. | ||
| CVE-2024-44762 | 0.04 | — | 0.03 | Oct 16, 2024 | A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. | |||
| CVE-2024-36453 | 0.00 | — | 0.00 | Jul 10, 2024 | Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the… | |||
| CVE-2023-41156 | 0.00 | — | 0.00 | Sep 14, 2023 | A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter. | |||
| CVE-2023-41155 | 0.00 | — | 0.00 | Sep 13, 2023 | A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule. | |||
| CVE-2023-41154 | 0.00 | — | 0.00 | Sep 13, 2023 | A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable. | |||
| CVE-2023-41163 | 0.00 | — | 0.00 | Aug 30, 2023 | A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. | |||
| CVE-2023-41153 | 0.00 | — | 0.00 | Aug 29, 2023 | A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. | |||
| CVE-2022-36880 | 0.00 | — | 0.01 | Jul 27, 2022 | The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | |||
| CVE-2014-3884 | 0.00 | — | 0.01 | Jul 20, 2014 | Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | |||
| CVE-2014-3883 | 0.00 | — | 0.01 | Jun 21, 2014 | Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | |||
| CVE-2014-3924 | 0.00 | — | 0.01 | May 30, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. | |||
| CVE-2009-4568 | 0.00 | — | 0.02 | Jan 5, 2010 | Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-0720 | 0.00 | — | 0.01 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a… | |||
| CVE-2007-3156 | 0.00 | — | 0.02 | Jun 11, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained… | |||
| CVE-2007-1276 | 0.00 | — | 0.01 | Mar 5, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. | |||
| CVE-2006-4542 | 0.00 | — | 0.03 | Sep 5, 2006 | Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. | |||
| CVE-2005-3042 | 0.00 | — | 0.04 | Sep 22, 2005 | miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). | |||
| CVE-2005-1177 | 0.00 | — | 0.02 | May 2, 2005 | Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. | |||
| CVE-2004-1468 | 0.00 | — | 0.04 | Dec 31, 2004 | The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. |
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.
- CVE-2024-44762Oct 16, 2024risk 0.04cvss —epss 0.03
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.
- CVE-2024-36453Jul 10, 2024risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the…
- CVE-2023-41156Sep 14, 2023risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
- CVE-2023-41155Sep 13, 2023risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
- CVE-2023-41154Sep 13, 2023risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.
- CVE-2023-41163Aug 30, 2023risk 0.00cvss —epss 0.00
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.
- CVE-2023-41153Aug 29, 2023risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.
- CVE-2022-36880Jul 27, 2022risk 0.00cvss —epss 0.01
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
- CVE-2014-3884Jul 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
- CVE-2014-3883Jun 21, 2014risk 0.00cvss —epss 0.01
Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.
- CVE-2014-3924May 30, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.
- CVE-2009-4568Jan 5, 2010risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-0720Feb 12, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a…
- CVE-2007-3156Jun 11, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained…
- CVE-2007-1276Mar 5, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
- CVE-2006-4542Sep 5, 2006risk 0.00cvss —epss 0.03
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
- CVE-2005-3042Sep 22, 2005risk 0.00cvss —epss 0.04
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
- CVE-2005-1177May 2, 2005risk 0.00cvss —epss 0.02
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
- CVE-2004-1468Dec 31, 2004risk 0.00cvss —epss 0.04
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
Page 1 of 2