CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45692
https://notcve.org/view.php?id=CVE-2024-45692
04 Sep 2024 — Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. • https://cispa.de/en/loop-dos • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47094
https://notcve.org/view.php?id=CVE-2023-47094
31 Oct 2023 — A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details. Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Account Plans pestaña de System Settings en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a través del campo nombre del Plan mientras editan los detalles del plan de Cuenta. • https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47095
https://notcve.org/view.php?id=CVE-2023-47095
31 Oct 2023 — A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server. Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Custom fields de Edit Virtual Server bajo System Customization en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a través del campo Etiqueta de Lote mient... • https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47096
https://notcve.org/view.php?id=CVE-2023-47096
31 Oct 2023 — A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field. Una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en Cloudmin Services Client bajo System Setting en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a través del campo maestro de servicios Cloudmin. • https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47097
https://notcve.org/view.php?id=CVE-2023-47097
31 Oct 2023 — A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates. Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Server Template bajo System Setting en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a través del campo nombre de la Plantilla mientras crean plantillas de servidor. • https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47098
https://notcve.org/view.php?id=CVE-2023-47098
31 Oct 2023 — A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field. Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Manage Extra Admins bajo Administration Options en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrarion a través del nombre real o el campo de descripción. • https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47099
https://notcve.org/view.php?id=CVE-2023-47099
31 Oct 2023 — A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server. Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Create Virtual Server en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a través del campo Descripción mientras crean el servidor Virtual. • https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18207
https://notcve.org/view.php?id=CVE-2018-18207
10 Oct 2018 — Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter. Virtualmin 6.03 permite la inyección de tramas mediante el parámetro file en settings-editor_read.cgi. • https://0day.today/exploit/description/31282 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18208
https://notcve.org/view.php?id=CVE-2018-18208
10 Oct 2018 — Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI. Virtualmin 6.03 permite Cross-Site Scripting (XSS) mediante la cadena query, tal y como queda demostrado con el URI webmin_search.cgi. • https://0day.today/exploit/description/31282 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •