VYPR

Webmin

by Webmin

Source repositories

CVEs (103)

  • CVE-2024-45692 (Sep 4, 2024)
    risk 0.00 | cvss | epss 0.01

    Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.

  • CVE-2024-36453 (Jul 10, 2024)
    risk 0.00 | cvss | epss 0.00

    Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the…

  • CVE-2024-36452 (Jul 10, 2024)
    risk 0.00 | cvss | epss 0.00

    Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred,…

  • CVE-2024-36451 (Jul 10, 2024)
    risk 0.00 | cvss | epss 0.01

    Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a…

  • CVE-2024-36450 (Jul 10, 2024)
    risk 0.00 | cvss | epss 0.00

    Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be…

  • CVE-2023-52046 (Jan 25, 2024)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.

  • CVE-2023-43309 (Sep 21, 2023)
    risk 0.00 | cvss | epss 0.00

    There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.

  • CVE-2023-40983 (Sep 15, 2023)
    risk 0.00 | cvss | epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

  • CVE-2023-40986 (Sep 15, 2023)
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom field.

  • CVE-2023-40985 (Sep 15, 2023)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's…

  • CVE-2023-40982 (Sep 15, 2023)
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

  • CVE-2023-40984 (Sep 15, 2023)
    risk 0.00 | cvss | epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.

  • CVE-2023-41155 (Sep 13, 2023)
    risk 0.00 | cvss | epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.

  • CVE-2023-38306 (Jul 31, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a…

  • CVE-2023-38308 (Jul 31, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the…

  • CVE-2023-38305 (Jul 31, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within…

  • CVE-2023-38310 (Jul 31, 2023)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log…

  • CVE-2023-38309 (Jul 31, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in…

  • CVE-2023-38311 (Jul 31, 2023)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the…

  • CVE-2023-38303 (Jul 31, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
