Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-52046
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and previous versions allows a remote malicious user to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
Webmin Webmin
4.8
CVSSv3
CVE-2017-17089
custom/run.cgi in Webmin prior to 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
Webmin Webmin
NA
CVE-2015-1377
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
Webmin Webmin
8.8
CVSSv3
CVE-2019-15642
rpc.cgi in Webmin up to and including 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a s...
Webmin Webmin
1 Github repository
8.8
CVSSv3
CVE-2022-30708
Webmin up to and including 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Webmin Webmin
NA
CVE-2002-2201
The Printer Administration module for Webmin 0.990 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in the printer name.
Webmin Webmin
5.4
CVSSv3
CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
Webmin Webmin 2.100
6.1
CVSSv3
CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows malicious users to execute malicious scripts via injecting a crafted payload into the Find in Results file.
Webmin Webmin 2.100
5.4
CVSSv3
CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows malicious users to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
Webmin Webmin 2.100
5.4
CVSSv3
CVE-2023-40985
An issue exists in Webmin 2.100. The File Manager functionality allows an malicious user to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's ...
Webmin Webmin 2.100
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »