Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webmin
(Webmin)| Repositories | https://github.com/webmin/webmin |
| #Vulnerabilities | 88 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-07-04 | CVE-2017-9313 | Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840. | Webmin | 6.1 | ||
| 2017-04-28 | CVE-2017-2106 | Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Webmin | 6.1 | ||
| 2017-12-30 | CVE-2017-17089 | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | Webmin | 4.8 | ||
| 2017-10-19 | CVE-2017-15646 | Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element. | Webmin | 6.1 | ||
| 2017-10-19 | CVE-2017-15645 | CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | Webmin | 8.8 | ||
| 2017-10-19 | CVE-2017-15644 | SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | Webmin | 8.6 | ||
| 2015-02-10 | CVE-2015-1377 | The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | Webmin | N/A | ||
| 2014-05-30 | CVE-2014-3924 | Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. | Userwin, Webmin | N/A | ||
| 2014-07-20 | CVE-2014-3886 | Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | Webmin | N/A | ||
| 2014-07-20 | CVE-2014-3885 | Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | Webmin | N/A |