Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-36880
The Read Mail module in Webmin 1.995 and Usermin up to and including 1.850 allows XSS via a crafted HTML e-mail message.
Webmin Usermin
Webmin Webmin 1.995
1 Github repository
NA
CVE-2023-41155
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote malicious users to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
Webmin Webmin 2.000
Webmin Usermin 2.000
5
CVSSv2
CVE-2005-0427
The ebuild of Webmin prior to 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote malicious users to obtain and possibly crack the encrypted password.
Gentoo Webmin 1.150
Gentoo Webmin 1.160
Gentoo Webmin 1.140
Gentoo Webmin 1.170
6.5
CVSSv2
CVE-2022-30708
Webmin up to and including 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Webmin Webmin
9
CVSSv2
CVE-2007-5066
Unspecified vulnerability in Webmin prior to 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
Webmin Webmin
9
CVSSv2
CVE-2022-0824
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin before 1.990.
Webmin Webmin
6 Github repositories
4.3
CVSSv2
CVE-2017-15646
Webmin prior to 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file downloa...
Webmin Webmin
1 EDB exploit
4.3
CVSSv2
CVE-2017-9313
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin prior to 1.850 allow remote malicious users to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: the...
Webmin Webmin
9
CVSSv2
CVE-2019-12840
In Webmin up to and including 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Webmin Webmin
12 Github repositories
NA
CVE-2023-52046
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and previous versions allows a remote malicious user to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
Webmin Webmin
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »