Vulnerabilities (CVE)

Filtered by vendor Webmin Subscribe
Total 102 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-41160 1 Webmin 1 Usermin 2024-02-28 N/A 5.4 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.
CVE-2023-40985 1 Webmin 1 Webmin 2024-02-28 N/A 5.4 MEDIUM
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
CVE-2023-41162 1 Webmin 1 Usermin 2024-02-28 N/A 6.1 MEDIUM
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down.
CVE-2023-41153 1 Webmin 1 Usermin 2024-02-28 N/A 5.4 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.
CVE-2023-41152 1 Webmin 1 Usermin 2024-02-28 N/A 5.4 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program.
CVE-2023-38311 1 Webmin 1 Webmin 2024-02-28 N/A 5.4 MEDIUM
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.
CVE-2023-41155 1 Webmin 2 Usermin, Webmin 2024-02-28 N/A 5.4 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
CVE-2023-40983 1 Webmin 1 Webmin 2024-02-28 N/A 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
CVE-2023-38307 1 Webmin 1 Webmin 2024-02-28 N/A 5.4 MEDIUM
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.
CVE-2023-41156 1 Webmin 1 Usermin 2024-02-28 N/A 5.4 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
CVE-2023-38305 1 Webmin 1 Webmin 2024-02-28 N/A 6.1 MEDIUM
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.
CVE-2023-38308 1 Webmin 1 Webmin 2024-02-28 N/A 6.1 MEDIUM
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
CVE-2023-41154 1 Webmin 1 Usermin 2024-02-28 N/A 5.4 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.
CVE-2023-41159 1 Webmin 1 Usermin 2024-02-28 N/A 5.4 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.
CVE-2023-38303 1 Webmin 1 Webmin 2024-02-28 N/A 5.4 MEDIUM
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
CVE-2022-36446 1 Webmin 1 Webmin 2024-02-28 N/A 9.8 CRITICAL
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVE-2022-36880 1 Webmin 2 Usermin, Webmin 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
CVE-2022-35132 1 Webmin 1 Usermin 2024-02-28 N/A 8.8 HIGH
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
CVE-2021-32161 1 Webmin 1 Webmin 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVE-2021-32158 1 Webmin 1 Webmin 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.