Filtered by vendor Webmin
Subscriptions
Filtered by product Webmin
Subscriptions
Total
88 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-36446 | 1 Webmin | 1 Webmin | 2024-08-03 | 9.8 Critical |
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | ||||
CVE-2022-30708 | 1 Webmin | 1 Webmin | 2024-08-03 | 8.8 High |
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | ||||
CVE-2022-3844 | 1 Webmin | 1 Webmin | 2024-08-03 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability. | ||||
CVE-2022-0829 | 1 Webmin | 1 Webmin | 2024-08-02 | 8.1 High |
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | ||||
CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-08-02 | 8.8 High |
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | ||||
CVE-2023-52046 | 1 Webmin | 1 Webmin | 2024-08-02 | 4.8 Medium |
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. | ||||
CVE-2024-36450 | 1 Webmin | 1 Webmin | 2024-08-02 | 5.4 Medium |
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted. | ||||
CVE-1999-1074 | 1 Webmin | 1 Webmin | 2024-08-01 | N/A |
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. |