13 matches found
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVE-2022-0824
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVE-2022-0829
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
CVE-2022-30708
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
CVE-2021-32162
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVE-2021-32158
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
CVE-2021-32161
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVE-2021-32157
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
CVE-2022-36880
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
CVE-2021-32160
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.
CVE-2021-32159
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
CVE-2022-3844
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross-site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue....
CVE-2021-32156
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.