Filtered by vendor Webmin Subscriptions
Filtered by product Webmin Subscriptions
Total 88 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-36446 1 Webmin 1 Webmin 2024-08-03 9.8 Critical
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVE-2022-30708 1 Webmin 1 Webmin 2024-08-03 8.8 High
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
CVE-2022-3844 1 Webmin 1 Webmin 2024-08-03 3.5 Low
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability.
CVE-2022-0829 1 Webmin 1 Webmin 2024-08-02 8.1 High
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
CVE-2022-0824 1 Webmin 1 Webmin 2024-08-02 8.8 High
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVE-2023-52046 1 Webmin 1 Webmin 2024-08-02 4.8 Medium
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
CVE-2024-36450 1 Webmin 1 Webmin 2024-08-02 5.4 Medium
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.
CVE-1999-1074 1 Webmin 1 Webmin 2024-08-01 N/A
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.