Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-36880
The Read Mail module in Webmin 1.995 and Usermin up to and including 1.850 allows XSS via a crafted HTML e-mail message.
Webmin Usermin
Webmin Webmin 1.995
1 Github repository
NA
CVE-2023-41155
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote malicious users to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
Webmin Webmin 2.000
Webmin Usermin 2.000
5
CVSSv2
CVE-2005-0427
The ebuild of Webmin prior to 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote malicious users to obtain and possibly crack the encrypted password.
Gentoo Webmin 1.150
Gentoo Webmin 1.160
Gentoo Webmin 1.140
Gentoo Webmin 1.170
4.3
CVSSv2
CVE-2017-2106
Multiple cross-site scripting vulnerabilities in Webmin versions before 1.830 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Webmin Webmin
4.9
CVSSv2
CVE-2015-1377
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
Webmin Webmin
3.5
CVSSv2
CVE-2020-8820
An XSS Vulnerability exists in Webmin 1.941 and previous versions affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and ex...
Webmin Webmin
9
CVSSv2
CVE-2007-5066
Unspecified vulnerability in Webmin prior to 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
Webmin Webmin
6.5
CVSSv2
CVE-2022-30708
Webmin up to and including 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Webmin Webmin
6.5
CVSSv2
CVE-2019-15642
rpc.cgi in Webmin up to and including 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a s...
Webmin Webmin
1 Github repository
9
CVSSv2
CVE-2019-12840
In Webmin up to and including 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Webmin Webmin
12 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »