Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webmin
(Webmin)| Repositories | https://github.com/webmin/webmin |
| #Vulnerabilities | 88 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-11 | CVE-2021-32156 | A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | Webmin | 8.8 | ||
| 2022-04-11 | CVE-2021-32157 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | Webmin | 9.6 | ||
| 2022-04-11 | CVE-2021-32158 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | Webmin | 6.1 | ||
| 2022-04-11 | CVE-2021-32159 | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | Webmin | 8.8 | ||
| 2022-04-11 | CVE-2021-32160 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. | Webmin | 6.1 | ||
| 2022-04-11 | CVE-2021-32161 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. | Webmin | 6.1 | ||
| 2022-04-11 | CVE-2021-32162 | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. | Webmin | 8.8 | ||
| 2022-05-15 | CVE-2022-30708 | Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | Webmin | 8.8 | ||
| 2022-07-25 | CVE-2022-36446 | software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | Webmin | 9.8 | ||
| 2022-07-27 | CVE-2022-36880 | The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | Usermin, Webmin | 6.1 |