93 matches found
Virtualmin Cross-Site Scripting Vulnerability
Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems from Virtualmin. A security vulnerability exists in Virtualmin version 7.7 that stems from a cross-site scripting XSS vulnerability in the Server Templates feature...
CVE-2023-47096
CVE-2023-47096 is a reflected XSS vulnerability in Virtualmin 7.7, affecting the Cloudmin Services Client under System Setting. The issue is triggered via the Cloudmin services master field, allowing an attacker to inject arbitrary web script/html. Several connected records corroborate the vulner...
CVE-2023-47097
The CVE-2023-47097 issue affects Virtualmin 7.7, specifically the Server Templates feature under System Settings. A Stored XSS can occur through the Template name field when creating server templates, enabling remote attackers to inject arbitrary script/HTML. Root cause: input handling in the Tem...
CVE-2023-47096
A Reflected Cross-Site Scripting XSS vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field...
Virtualmin Cross-Site Scripting Vulnerability
Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems from Virtualmin. A security vulnerability exists in Virtualmin version 7.7 that stems from a cross-site scripting XSS vulnerability in the Create Virtual Server feature...
Virtualmin Cross-Site Scripting Vulnerability
Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems from Virtualmin. A security vulnerability exists in Virtualmin version 7.7 that stems from a cross-site scripting XSS vulnerability in Cloudmin Services Client...
Virtualmin Cross-Site Scripting Vulnerability
Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems from Virtualmin. A security vulnerability exists in Virtualmin version 7.7 that stems from a stored cross-site scripting XSS vulnerability in the Plan Name field...
CVE-2023-47098
A Stored Cross-Site Scripting XSS vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field...
CVE-2023-47094
A Stored Cross-Site Scripting XSS vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details...
PT-2023-30305 · Unknown · Virtualmin
Name of the Vulnerable Software and Affected Versions: Virtualmin version 7.7 Description: A Stored Cross-Site Scripting XSS issue in the Server Template under System Setting in Virtualmin allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating...
CVE-2023-47094
CVE-2023-47094 is a Stored Cross-Site Scripting (XSS) vulnerability in Virtualmin 7.7, affecting the Account Plans tab in System Settings. The issue allows remote attackers to inject arbitrary web script/HTML through the Plan name field while editing Account plan details. The available documents ...
PT-2023-30307 · Unknown · Virtualmin
Name of the Vulnerable Software and Affected Versions: Virtualmin version 7.7 Description: A Stored Cross-Site Scripting XSS issue in the Create Virtual Server functionality of Virtualmin allows remote attackers to inject arbitrary web script or HTML via the Description field while creating the...
CVE-2023-47095
CVE-2023-47095 is a stored XSS vulnerability affecting Virtualmin 7.7 in the Custom fields of Edit Virtual Server under System Customization. The issue allows remote attackers to inject arbitrary web script or HTML via the Batch Label field. The available sources describe the affected product and...
CVE-2023-47098
CVE-2023-47098 affects Virtualmin 7.7: a Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins feature under Administration Options, exploitable via the real name or description field. The documentation consistently states the issue as a stored XSS without detailing exploit v...
CVE-2023-47099
CVE-2023-47099 is a stored XSS in Virtualmin’s Create Virtual Server feature affecting Virtualmin 7.7. The vulnerability stems from insufficient sanitization of the Description field during Virtual Server creation, allowing remote attackers to inject arbitrary script/HTML. Impact is XSS in the se...
CVE-2023-47099
A Stored Cross-Site Scripting XSS vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server...
Virtualmin Cross-Site Scripting Vulnerability
Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems from Virtualmin. A security vulnerability exists in Virtualmin version 7.7 that stems from a cross-site scripting XSS vulnerability in the Custom Fields feature...
SUSE CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...
Webmin 安全漏洞
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 1.991 and prior versions, which stems from settings-editorwrite.cgi not properly restricting the file parameter, leading to remote...
Arbitrary Password Reset
Roundcube is vulnerable to arbitrary password resets. The vulnerability existed because of an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...