Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin webmin vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-2106
Multiple cross-site scripting vulnerabilities in Webmin versions before 1.830 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Webmin Webmin
312
VMScore
CVE-2020-8821
An Improper Data Validation Vulnerability exists in Webmin 1.941 and previous versions affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rende...
Webmin Webmin
NA
CVE-2023-52046
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and previous versions allows a remote malicious user to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
Webmin Webmin
1000
VMScore
CVE-2019-15107
An issue exists in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Webmin Webmin
1 EDB exploit
52 Github repositories
1 Article
685
VMScore
CVE-2017-15645
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an malicious user to execute arbitrary commands.
Webmin Webmin
1 EDB exploit
490
VMScore
CVE-2022-0829
Improper Authorization in GitHub repository webmin/webmin before 1.990.
Webmin Webmin
4 Github repositories
312
VMScore
CVE-2020-8820
An XSS Vulnerability exists in Webmin 1.941 and previous versions affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and ex...
Webmin Webmin
605
VMScore
CVE-2019-15641
xmlrpc.cgi in Webmin up to and including 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
Webmin Webmin
578
VMScore
CVE-2019-15642
rpc.cgi in Webmin up to and including 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a s...
Webmin Webmin
1 Github repository
383
VMScore
CVE-2020-12670
XSS exists in Webmin 1.941 and previous versions affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes ...
Webmin Webmin
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »