Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-2106
Multiple cross-site scripting vulnerabilities in Webmin versions before 1.830 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Webmin Webmin
5.4
CVSSv3
CVE-2020-8821
An Improper Data Validation Vulnerability exists in Webmin 1.941 and previous versions affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rende...
Webmin Webmin
4.8
CVSSv3
CVE-2023-52046
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and previous versions allows a remote malicious user to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
Webmin Webmin
9.8
CVSSv3
CVE-2019-15107
An issue exists in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Webmin Webmin
1 EDB exploit
52 Github repositories
1 Article
8.8
CVSSv3
CVE-2017-15645
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an malicious user to execute arbitrary commands.
Webmin Webmin
1 EDB exploit
8.1
CVSSv3
CVE-2022-0829
Improper Authorization in GitHub repository webmin/webmin before 1.990.
Webmin Webmin
4 Github repositories
5.4
CVSSv3
CVE-2020-8820
An XSS Vulnerability exists in Webmin 1.941 and previous versions affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and ex...
Webmin Webmin
6.5
CVSSv3
CVE-2019-15641
xmlrpc.cgi in Webmin up to and including 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
Webmin Webmin
8.8
CVSSv3
CVE-2019-15642
rpc.cgi in Webmin up to and including 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a s...
Webmin Webmin
1 Github repository
6.1
CVSSv3
CVE-2020-12670
XSS exists in Webmin 1.941 and previous versions affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes ...
Webmin Webmin
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »