22 matches found
CVE-2023-41160
CVE-2023-41160 describes a stored XSS in the SSH configuration tab of Usermin 2.001 caused by injecting scripts or HTML through the key name field when adding an authorized key. The vulnerability is confirmed across multiple sources (NVD, Red Hat, CVE list, CNNSA-like feeds) with CVSSv3.1 base me...
CVE-2024-44762
Summary: CVE-2024-44762 affects Webmin Usermin v2.100 and earlier; it enables attacker’s username enumeration through the password-change flow due to inconsistent error messages. What’s affected: Usermin 2.100 and below (password-change endpoint exposes observable differences in responses when us...
CVE-2023-41156
Usermin 2.001 has a Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab, allowing remote attackers to inject arbitrary script/HTML via the "save to new folder named" field when creating a new filter. Root cause: unsanitized input on that field. Description is corrob...
CVE-2023-41157
CVE-2023-41157 affects Usermin 2.000. The vulnerability is a stored XSS in the folder name parameter when creating folders, affecting the Folder/Filters/Forward Mail tabs. An attacker can inject arbitrary script/HTML by supplying crafted folder names. Root cause is improper handling/validation of...
CVE-2022-36880
CVE-2022-36880 is supported by multiple connected sources: the Read Mail module in Webmin 1.995 and Usermin up to 1.850 is vulnerable to cross‑site scripting via a crafted HTML email message. The root cause is described as insufficient validation/filtering of user‑supplied/output data in the Read...
CVE-2024-36453
CVE-2024-36453 is a cross-site scripting vulnerability in Webmin’s session_login.cgi affecting Webmin before 1.970 and Usermin before 1.820. Exploitation can cause arbitrary JavaScript execution in the victim’s browser, potentially altering pages or exposing credentials. Red Hat and OSV/other fee...
CVE-2007-3156
Webmin pam_login.cgi contains multiple XSS vulnerabilities (CVE-2007-3156) that allow remote attackers to inject arbitrary scripts if a user visits a crafted page. Affected are Webmin prior to 1.350 and Usermin prior to 1.280, where inputs in cid, message, or question are not properly sanitized. ...
CVE-2014-3883
Usermin قبل الإصدار 1.600 يعاني من ثغرة حقن أوامر OS من جهة عميل بعيد عبر إجراء مستخدم، ما يسمح بتنفيذ أوامر عشوائية على النظام المستهدف. الإصلاح المستند إلى الوثائق هو التحديث إلى الإصدار 1.600 أو أحدث. التبعات المحتملة كما وردت في المصادر: إمكانية تنفيذ أوامر OS عندما يقوم المستخدم المسجل بتصرف...
CVE-2022-35132
The CVE-2022-35132 vulnerability affects Webmin/Usermin (up to version 1.850). It allows a remote authenticated user to execute OS commands via command injection in a filename used by the GPG module. Root cause: improper handling of the GPG module filename enables command execution. Impact is hig...
CVE-2014-3884
CVE-2014-3884 is an XSS vulnerability in Usermin prior to version 1.600 that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The entry notes potential overlap with CVE-2014-3924, but the provided documents do not specify exploit details, affected configurat...
CVE-2015-2079
CVE-2015-2079 affects Webmin Usermin 0.980–1.x before 1.660. Root cause: the uconfig_save.cgi module uses the two-argument form of Perl open, enabling remote code execution (sig_file_free). Impact: remote code execution with high/critical potential. Affected software is Usermin; remediation is to...
CVE-2009-4568
CVE-2009-4568 affects Webmin < 1.500 and Usermin
CVE-2023-41153
CVE-2023-41153 is a Stored Cross-Site Scripting (XSS) vulnerability in Webmin Usermin 2.001, exploitable through the SSH configuration tab. The issue arises from insufficient filtering/escaping of data when editing the host options, allowing an attacker to inject arbitrary script or HTML. Affecte...
CVE-2023-41155
CVE-2023-41155 is a stored XSS vulnerability in Webmin and Usermin 2.000 within the mail forwarding and replies tab. The issue allows remote attackers to inject arbitrary script/HTML via the forward-to field when creating a mail forwarding rule. Documents confirm the vulnerable component is the m...
CVE-2016-4897
CVE-2016-4897 involves reflected cross-site scripting in Usermin before 1.690. The vulnerabilities affect the CGI endpoints /filter/save_forward.cgi, /filter/save.cgi, and /man/search.cgi, allowing an authenticated user’s browser to execute arbitrary script. The issue is confirmed across multiple...
CVE-2023-41152
CVE-2023-41152 is a Stored Cross-Site Scripting (XSS) vulnerability in Usermin 2.000, specifically in the MIME type programs tab. The issue arises when creating a new MIME type program, where an attacker can inject arbitrary script/HTML via the handle program field. The linked sources (e.g., Red ...
CVE-2023-41154
The CVE-2023-41154 issue affects Usermin 2.000, describing a Stored Cross‑Site Scripting (XSS) vulnerability in the scheduled cron jobs tab, exploitable via the value field when creating a new environment variable. The connected PT and vulnerability sources confirm this specific vector and provid...
CVE-2023-41158
CVE-2023-41158 describes a Stored XSS in Webmin/Usermin 2.000, specifically in the MIME type programs tab. The vulnerability arises when creating a new MIME type program, where an attacker can inject arbitrary script/html via the description field. Impact is web UI XSS; exploitation status is not...
CVE-2023-41161
CVE-2023-41161 involves multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000. The affected component is the Usermin web interface, with the vulnerability allowing a remote attacker to inject arbitrary web script or HTML through the key comment field on pages such as public ...
CVE-2008-0720
Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 contain a cross-site scripting (XSS) vulnerability in the webmin_search.cgi component, exploitable via the search parameter. The issue may affect other components reachable through a search box or open file box. The vulnerability is publicly docu...
CVE-2023-41162
CVE-2023-41162 refers to a reflected XSS in Webmin/Usermin 2.000, specifically in the File Manager tab where an attacker can inject arbitrary script/HTML via the file mask field during a search under the Tools drop-down. The vulnerability affects the file manager component and is categorized with...
CVE-2023-41159
The CVE-2023-41159 entry describes a Stored Cross‑Site Scripting (XSS) in Webmin/Usermin 2.000, triggered when editing the autoreply/forward file (manually editing the forwarding file). The root cause is an XSS vulnerability in the autoreply/forward file editing flow, enabling an attacker to inje...