14 matches found
CVE-2026-49102
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...
CVE-2025-61541
Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality forgotsend.cgi. The reset link sent to users is constructed using the HTTP Host header via getwebminemailurl. An attacker can manipulate the Host header to inject a malicious domain into the reset email. If ...
CVE-2025-61541
Webmin 2.510 is affected by CVE-2025-61541 due to a Host Header Injection in forgot_send.cgi. The reset link is constructed using the HTTP Host header via get_webmin_email_url(), allowing an attacker to inject a malicious domain into the password reset email. If a victim clicks the poisoned link,...
EUVD-2020-23425
Malware in sbrugna...
EUVD-2023-45523
Malicious code in bioql PyPI...
PT-2024-5727 · Webmin +2 · Webmin +2
Name of the Vulnerable Software and Affected Versions: Webmin versions prior to 1.970 Usermin versions prior to 1.820 Description: A cross-site scripting issue exists due to inadequate protection of the webpage structure in the session login.cgi script of Webmin and Usermin. This can be exploited...
CVE-2023-40982
A stored cross-site scripting XSS vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter...
Usermin Cross-Site Scripting Vulnerability
Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A cross-site scripting vulnerability exists in Usermin version 2.001, which arises from a security issue when editing the autoreply file page and allows remote...
PT-2023-27729 · Webmin · Webmin
Name of the Vulnerable Software and Affected Versions: Webmin version 2.100 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. This enables attackers to potentially...
PT-2023-4160 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: A Cross-site Scripting XSS Bypass vulnerability was discovered in the file upload functionality of Webmin. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and...
Webmin Package Updates Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin Package Updates RCE', 'Description' = %q This module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin use...
Webmin 跨站脚本漏洞
Webmin is the Webmin community's set of Web-based system management tools for Unix-like operating systems. version 1.973 of Webmin contains a cross-site scripting vulnerability that stems from a lack of filtering and escaping in the scheduled Cron jobs feature. An attacker could use this...
Exploit for OS Command Injection in Webmin
CVE-2019-15107 Webmin RCE Error - Perl execution Failed Your...
CVE-2002-2360
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remoteforeignrequire and remoteforeigncall requests...