VYPR

Webmin

by Webmin

Source repositories

CVEs (103)

  • CVE-2023-38308Jul 31, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the…

  • CVE-2023-38311Jul 31, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the…

  • CVE-2022-3844Nov 2, 2022
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to…

  • CVE-2022-36880Jul 27, 2022
    risk 0.00cvss epss 0.01

    The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.

  • CVE-2022-30708May 15, 2022
    risk 0.00cvss epss 0.03

    Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

  • CVE-2022-0829Mar 2, 2022
    risk 0.00cvss epss 0.01

    Improper Authorization in GitHub repository webmin/webmin prior to 1.990.

  • CVE-2020-35769Dec 29, 2020
    risk 0.00cvss epss 0.02

    miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

  • CVE-2020-12670Oct 12, 2020
    risk 0.00cvss epss 0.01

    XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input…

  • CVE-2020-8821Oct 12, 2020
    risk 0.00cvss epss 0.82

    An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered…

  • CVE-2020-8820Oct 12, 2020
    risk 0.00cvss epss 0.01

    An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.

  • CVE-2019-15641Aug 26, 2019
    risk 0.00cvss epss 0.01

    xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.

  • CVE-2018-19191Mar 17, 2019
    risk 0.00cvss epss 0.40

    Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.

  • CVE-2015-1377Feb 10, 2015
    risk 0.00cvss epss 0.00

    The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.

  • CVE-2014-3886Jul 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

  • CVE-2014-3885Jul 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

  • CVE-2014-3924May 30, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.

  • CVE-2014-0339Mar 16, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

  • CVE-2012-4893Sep 11, 2012
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue…

  • CVE-2012-2983Sep 11, 2012
    risk 0.00cvss epss 0.20

    file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

  • CVE-2012-2981Sep 11, 2012
    risk 0.00cvss epss 0.02

    Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.

Page 4 of 6