Filtered by vendor Webmin
Subscribe
Total
102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41152 | 1 Webmin | 1 Usermin | 2024-02-28 | N/A | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program. | |||||
| CVE-2023-38311 | 1 Webmin | 1 Webmin | 2024-02-28 | N/A | 5.4 MEDIUM |
| An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page. | |||||
| CVE-2023-41155 | 1 Webmin | 2 Usermin, Webmin | 2024-02-28 | N/A | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule. | |||||
| CVE-2023-40983 | 1 Webmin | 1 Webmin | 2024-02-28 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file. | |||||
| CVE-2023-38307 | 1 Webmin | 1 Webmin | 2024-02-28 | N/A | 5.4 MEDIUM |
| An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name. | |||||
| CVE-2023-41156 | 1 Webmin | 1 Usermin | 2024-02-28 | N/A | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter. | |||||
| CVE-2023-38305 | 1 Webmin | 1 Webmin | 2024-02-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed. | |||||
| CVE-2023-38308 | 1 Webmin | 1 Webmin | 2024-02-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser. | |||||
| CVE-2023-41154 | 1 Webmin | 1 Usermin | 2024-02-28 | N/A | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable. | |||||
| CVE-2023-41159 | 1 Webmin | 1 Usermin | 2024-02-28 | N/A | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually. | |||||
| CVE-2023-38303 | 1 Webmin | 1 Webmin | 2024-02-28 | N/A | 5.4 MEDIUM |
| An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter. | |||||
| CVE-2022-36446 | 1 Webmin | 1 Webmin | 2024-02-28 | N/A | 9.8 CRITICAL |
| software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | |||||
| CVE-2022-36880 | 1 Webmin | 2 Usermin, Webmin | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | |||||
| CVE-2022-35132 | 1 Webmin | 1 Usermin | 2024-02-28 | N/A | 8.8 HIGH |
| Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. | |||||
| CVE-2021-32161 | 1 Webmin | 1 Webmin | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. | |||||
| CVE-2021-32158 | 1 Webmin | 1 Webmin | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | |||||
| CVE-2021-32162 | 1 Webmin | 1 Webmin | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. | |||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | |||||
| CVE-2021-32160 | 1 Webmin | 1 Webmin | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. | |||||
| CVE-2021-32159 | 1 Webmin | 1 Webmin | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | |||||