VYPR

Vendor CVEs

Webmin

All CVEs

111 total · sorted by risk
  • CVE-2023-40983Sep 15, 2023
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

  • CVE-2023-40985Sep 15, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's…

  • CVE-2023-40982Sep 15, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

  • CVE-2023-40986Sep 15, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.

  • CVE-2023-41156Sep 14, 2023
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.

  • CVE-2023-41155Sep 13, 2023
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.

  • CVE-2023-41154Sep 13, 2023
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.

  • CVE-2023-41163Aug 30, 2023
    risk 0.00cvss epss 0.00

    A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.

  • CVE-2023-41153Aug 29, 2023
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.

  • CVE-2023-38309Jul 31, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in…

  • CVE-2023-38307Jul 31, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.

  • CVE-2023-38308Jul 31, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the…

  • CVE-2023-38310Jul 31, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log…

  • CVE-2023-38305Jul 31, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within…

  • CVE-2023-38311Jul 31, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the…

  • CVE-2023-38303Jul 31, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.

  • CVE-2023-38304Jul 31, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.

  • CVE-2023-38306Jul 31, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a…

  • CVE-2022-3844Nov 2, 2022
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to…

  • CVE-2022-36880Jul 27, 2022
    risk 0.00cvss epss 0.01

    The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.

  • CVE-2022-30708May 15, 2022
    risk 0.00cvss epss 0.03

    Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

  • CVE-2022-0829Mar 2, 2022
    risk 0.00cvss epss 0.01

    Improper Authorization in GitHub repository webmin/webmin prior to 1.990.

  • CVE-2020-35769Dec 29, 2020
    risk 0.00cvss epss 0.02

    miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

  • CVE-2020-12670Oct 12, 2020
    risk 0.00cvss epss 0.01

    XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input…

  • CVE-2020-8821Oct 12, 2020
    risk 0.00cvss epss 0.82

    An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered…

  • CVE-2020-8820Oct 12, 2020
    risk 0.00cvss epss 0.01

    An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.

  • CVE-2019-15641Aug 26, 2019
    risk 0.00cvss epss 0.01

    xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.

  • CVE-2018-19191Mar 17, 2019
    risk 0.00cvss epss 0.40

    Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.

  • CVE-2015-1377Feb 10, 2015
    risk 0.00cvss epss 0.00

    The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.

  • CVE-2014-3886Jul 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

  • CVE-2014-3885Jul 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

  • CVE-2014-3884Jul 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

  • CVE-2014-3883Jun 21, 2014
    risk 0.00cvss epss 0.01

    Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.

  • CVE-2014-3924May 30, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.

  • CVE-2014-0339Mar 16, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

  • CVE-2012-4893Sep 11, 2012
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue…

  • CVE-2012-2983Sep 11, 2012
    risk 0.00cvss epss 0.20

    file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

  • CVE-2012-2981Sep 11, 2012
    risk 0.00cvss epss 0.02

    Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.

  • CVE-2011-1937May 31, 2011
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.

  • CVE-2009-4568Jan 5, 2010
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-0720Feb 12, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a…

  • CVE-2007-5066Sep 24, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.

  • CVE-2007-3156Jun 11, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained…

  • CVE-2007-1276Mar 5, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.

  • CVE-2006-4542Sep 5, 2006
    risk 0.00cvss epss 0.03

    Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

  • CVE-2006-3274Jun 28, 2006
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.

  • CVE-2005-3042Sep 22, 2005
    risk 0.00cvss epss 0.04

    miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

  • CVE-2005-1177May 2, 2005
    risk 0.00cvss epss 0.02

    Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.

  • CVE-2004-1468Dec 31, 2004
    risk 0.00cvss epss 0.04

    The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.

  • CVE-2004-0559Oct 20, 2004
    risk 0.00cvss epss 0.00

    The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.