Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin webmin vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-15641
xmlrpc.cgi in Webmin up to and including 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
Webmin Webmin
6.5
CVSSv2
CVE-2019-15642
rpc.cgi in Webmin up to and including 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a s...
Webmin Webmin
1 Github repository
NA
CVE-2022-36446
software/apt-lib.pl in Webmin prior to 1.997 lacks HTML escaping for a UI command.
Webmin Webmin
4 Github repositories
9
CVSSv2
CVE-2007-5066
Unspecified vulnerability in Webmin prior to 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
Webmin Webmin
3.5
CVSSv2
CVE-2020-8820
An XSS Vulnerability exists in Webmin 1.941 and previous versions affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and ex...
Webmin Webmin
3.5
CVSSv2
CVE-2020-8821
An Improper Data Validation Vulnerability exists in Webmin 1.941 and previous versions affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rende...
Webmin Webmin
NA
CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
Webmin Webmin 2.100
NA
CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows malicious users to execute malicious scripts via injecting a crafted payload into the Find in Results file.
Webmin Webmin 2.100
NA
CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows malicious users to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
Webmin Webmin 2.100
NA
CVE-2023-40985
An issue exists in Webmin 2.100. The File Manager functionality allows an malicious user to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's ...
Webmin Webmin 2.100
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »