Lucene search
K
WebminUsermin

22 matches found

CVE
CVE
added 2023/09/14 12:0 a.m.122 views

CVE-2023-41160

CVE-2023-41160 describes a stored XSS in the SSH configuration tab of Usermin 2.001 caused by injecting scripts or HTML through the key name field when adding an authorized key. The vulnerability is confirmed across multiple sources (NVD, Red Hat, CVE list, CNNSA-like feeds) with CVSSv3.1 base me...

5.4CVSS5.2AI score0.00475EPSS
CVE
CVE
added 2024/10/16 12:0 a.m.120 views

CVE-2024-44762

Summary: CVE-2024-44762 affects Webmin Usermin v2.100 and earlier; it enables attacker’s username enumeration through the password-change flow due to inconsistent error messages. What’s affected: Usermin 2.100 and below (password-change endpoint exposes observable differences in responses when us...

5.3CVSS7.1AI score0.02621EPSS
Web
CVE
CVE
added 2023/09/14 12:0 a.m.103 views

CVE-2023-41156

Usermin 2.001 has a Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab, allowing remote attackers to inject arbitrary script/HTML via the "save to new folder named" field when creating a new filter. Root cause: unsanitized input on that field. Description is corrob...

5.4CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2023/09/16 12:0 a.m.101 views

CVE-2023-41157

CVE-2023-41157 affects Usermin 2.000. The vulnerability is a stored XSS in the folder name parameter when creating folders, affecting the Folder/Filters/Forward Mail tabs. An attacker can inject arbitrary script/HTML by supplying crafted folder names. Root cause is improper handling/validation of...

5.4CVSS5.3AI score0.00397EPSS
CVE
CVE
added 2022/07/27 3:32 a.m.82 views

CVE-2022-36880

CVE-2022-36880 is supported by multiple connected sources: the Read Mail module in Webmin 1.995 and Usermin up to 1.850 is vulnerable to cross‑site scripting via a crafted HTML email message. The root cause is described as insufficient validation/filtering of user‑supplied/output data in the Read...

6.1CVSS5.7AI score0.00526EPSS
CVE
CVE
added 2024/07/10 7:2 a.m.75 views

CVE-2024-36453

CVE-2024-36453 is a cross-site scripting vulnerability in Webmin’s session_login.cgi affecting Webmin before 1.970 and Usermin before 1.820. Exploitation can cause arbitrary JavaScript execution in the victim’s browser, potentially altering pages or exposing credentials. Red Hat and OSV/other fee...

6.1CVSS6.2AI score0.004EPSS
CVE
CVE
added 2007/06/11 10:0 p.m.69 views

CVE-2007-3156

Webmin pam_login.cgi contains multiple XSS vulnerabilities (CVE-2007-3156) that allow remote attackers to inject arbitrary scripts if a user visits a crafted page. Affected are Webmin prior to 1.350 and Usermin prior to 1.280, where inputs in cid, message, or question are not properly sanitized. ...

4.3CVSS5.5AI score0.01569EPSS
CVE
CVE
added 2014/06/21 3:0 p.m.68 views

CVE-2014-3883

Usermin قبل الإصدار 1.600 يعاني من ثغرة حقن أوامر OS من جهة عميل بعيد عبر إجراء مستخدم، ما يسمح بتنفيذ أوامر عشوائية على النظام المستهدف. الإصلاح المستند إلى الوثائق هو التحديث إلى الإصدار 1.600 أو أحدث. التبعات المحتملة كما وردت في المصادر: إمكانية تنفيذ أوامر OS عندما يقوم المستخدم المسجل بتصرف...

6.8CVSS7.7AI score0.01295EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.68 views

CVE-2022-35132

The CVE-2022-35132 vulnerability affects Webmin/Usermin (up to version 1.850). It allows a remote authenticated user to execute OS commands via command injection in a filename used by the GPG module. Root cause: improper handling of the GPG module filename enables command execution. Impact is hig...

8.8CVSS8.8AI score0.02799EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.67 views

CVE-2014-3884

CVE-2014-3884 is an XSS vulnerability in Usermin prior to version 1.600 that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The entry notes potential overlap with CVE-2014-3924, but the provided documents do not specify exploit details, affected configurat...

4.3CVSS5.5AI score0.01351EPSS
CVE
CVE
added 2025/04/28 12:0 a.m.65 views

CVE-2015-2079

CVE-2015-2079 affects Webmin Usermin 0.980–1.x before 1.660. Root cause: the uconfig_save.cgi module uses the two-argument form of Perl open, enabling remote code execution (sig_file_free). Impact: remote code execution with high/critical potential. Affected software is Usermin; remediation is to...

9.9CVSS8AI score0.01004EPSS
CVE
CVE
added 2023/08/29 12:0 a.m.64 views

CVE-2023-41153

CVE-2023-41153 is a Stored Cross-Site Scripting (XSS) vulnerability in Webmin Usermin 2.001, exploitable through the SSH configuration tab. The issue arises from insufficient filtering/escaping of data when editing the host options, allowing an attacker to inject arbitrary script or HTML. Affecte...

5.4CVSS5.2AI score0.00431EPSS
CVE
CVE
added 2010/01/05 6:31 p.m.63 views

CVE-2009-4568

CVE-2009-4568 affects Webmin < 1.500 and Usermin

4.3CVSS5.6AI score0.01645EPSS
CVE
CVE
added 2023/09/13 12:0 a.m.60 views

CVE-2023-41155

CVE-2023-41155 is a stored XSS vulnerability in Webmin and Usermin 2.000 within the mail forwarding and replies tab. The issue allows remote attackers to inject arbitrary script/HTML via the forward-to field when creating a mail forwarding rule. Documents confirm the vulnerable component is the m...

5.4CVSS5.2AI score0.00431EPSS
CVE
CVE
added 2017/04/12 10:0 p.m.56 views

CVE-2016-4897

CVE-2016-4897 involves reflected cross-site scripting in Usermin before 1.690. The vulnerabilities affect the CGI endpoints /filter/save_forward.cgi, /filter/save.cgi, and /man/search.cgi, allowing an authenticated user’s browser to execute arbitrary script. The issue is confirmed across multiple...

6.1CVSS6.1AI score0.01114EPSS
CVE
CVE
added 2023/09/13 12:0 a.m.55 views

CVE-2023-41152

CVE-2023-41152 is a Stored Cross-Site Scripting (XSS) vulnerability in Usermin 2.000, specifically in the MIME type programs tab. The issue arises when creating a new MIME type program, where an attacker can inject arbitrary script/HTML via the handle program field. The linked sources (e.g., Red ...

5.4CVSS5.2AI score0.00422EPSS
CVE
CVE
added 2023/09/13 12:0 a.m.53 views

CVE-2023-41154

The CVE-2023-41154 issue affects Usermin 2.000, describing a Stored Cross‑Site Scripting (XSS) vulnerability in the scheduled cron jobs tab, exploitable via the value field when creating a new environment variable. The connected PT and vulnerability sources confirm this specific vector and provid...

5.4CVSS5.2AI score0.00397EPSS
CVE
CVE
added 2023/09/13 12:0 a.m.51 views

CVE-2023-41158

CVE-2023-41158 describes a Stored XSS in Webmin/Usermin 2.000, specifically in the MIME type programs tab. The vulnerability arises when creating a new MIME type program, where an attacker can inject arbitrary script/html via the description field. Impact is web UI XSS; exploitation status is not...

5.4CVSS5.2AI score0.00422EPSS
CVE
CVE
added 2023/09/07 12:0 a.m.51 views

CVE-2023-41161

CVE-2023-41161 involves multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000. The affected component is the Usermin web interface, with the vulnerability allowing a remote attacker to inject arbitrary web script or HTML through the key comment field on pages such as public ...

5.4CVSS5.3AI score0.00397EPSS
CVE
CVE
added 2008/02/12 1:0 a.m.50 views

CVE-2008-0720

Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 contain a cross-site scripting (XSS) vulnerability in the webmin_search.cgi component, exploitable via the search parameter. The issue may affect other components reachable through a search box or open file box. The vulnerability is publicly docu...

4.3CVSS5.9AI score0.01223EPSS
CVE
CVE
added 2023/09/13 12:0 a.m.48 views

CVE-2023-41162

CVE-2023-41162 refers to a reflected XSS in Webmin/Usermin 2.000, specifically in the File Manager tab where an attacker can inject arbitrary script/HTML via the file mask field during a search under the Tools drop-down. The vulnerability affects the file manager component and is categorized with...

6.1CVSS6AI score0.00424EPSS
CVE
CVE
added 2023/09/14 12:0 a.m.44 views

CVE-2023-41159

The CVE-2023-41159 entry describes a Stored Cross‑Site Scripting (XSS) in Webmin/Usermin 2.000, triggered when editing the autoreply/forward file (manually editing the forwarding file). The root cause is an XSS vulnerability in the autoreply/forward file editing flow, enabling an attacker to inje...

5.4CVSS5.2AI score0.00421EPSS