Filtered by vendor Webmin
Subscriptions
Total
103 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-32159 | 1 Webmin | 1 Webmin | 2024-08-03 | 8.8 High |
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | ||||
CVE-2021-32161 | 1 Webmin | 1 Webmin | 2024-08-03 | 6.1 Medium |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. | ||||
CVE-2021-31760 | 1 Webmin | 1 Webmin | 2024-08-03 | 8.8 High |
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | ||||
CVE-2021-31761 | 1 Webmin | 1 Webmin | 2024-08-03 | 9.6 Critical |
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. | ||||
CVE-2021-31762 | 1 Webmin | 1 Webmin | 2024-08-03 | 8.8 High |
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | ||||
CVE-2022-36880 | 1 Webmin | 2 Usermin, Webmin | 2024-08-03 | 6.1 Medium |
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | ||||
CVE-2022-36446 | 1 Webmin | 1 Webmin | 2024-08-03 | 9.8 Critical |
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | ||||
CVE-2022-35132 | 1 Webmin | 1 Usermin | 2024-08-03 | 8.8 High |
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. | ||||
CVE-2022-30708 | 1 Webmin | 1 Webmin | 2024-08-03 | 8.8 High |
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | ||||
CVE-2022-3844 | 1 Webmin | 1 Webmin | 2024-08-03 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability. | ||||
CVE-2022-0829 | 1 Webmin | 1 Webmin | 2024-08-02 | 8.1 High |
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | ||||
CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-08-02 | 8.8 High |
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | ||||
CVE-2023-52046 | 1 Webmin | 1 Webmin | 2024-08-02 | 4.8 Medium |
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. | ||||
CVE-2023-43309 | 1 Webmin | 1 Webmin | 2024-08-02 | 4.8 Medium |
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. | ||||
CVE-2023-41155 | 1 Webmin | 2 Usermin, Webmin | 2024-08-02 | 5.4 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule. | ||||
CVE-2023-41157 | 1 Webmin | 1 Usermin | 2024-08-02 | 5.4 Medium |
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab. | ||||
CVE-2023-41161 | 1 Webmin | 1 Usermin | 2024-08-02 | 5.4 Medium |
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab. | ||||
CVE-2023-41163 | 1 Webmin | 1 Webmin | 2024-08-02 | 6.1 Medium |
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. | ||||
CVE-2023-41158 | 1 Webmin | 1 Usermin | 2024-08-02 | 5.4 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program. | ||||
CVE-2023-41159 | 1 Webmin | 1 Usermin | 2024-08-02 | 5.4 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually. |