NotCVE - vendor:"Webmin" product:"Usermin" version:"1.490"

5 results (0.008 seconds)

CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 1

CVE-2022-35132

https://notcve.org/view.php?id=CVE-2022-35132

25 Oct 2022 — Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. Usermin versiones hasta 1.850, permite a un usuario remoto autenticado ejecutar comandos del Sistema Operativo por medio de una inyección de comandos en un nombre de archivo del módulo GPG • https://github.com/ly1g3/webmin-usermin-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-36880

https://notcve.org/view.php?id=CVE-2022-36880

27 Jul 2022 — The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. El módulo Read Mail de Webmin 1.995 y Usermin hasta 1.850 permite un ataque de tipo XSS por medio de un mensaje de correo electrónico HTML diseñado • https://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4897

https://notcve.org/view.php?id=CVE-2016-4897

12 Apr 2017 — Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. Múltiples vulnerabilidades (XSS) en (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi en Usermin en versiones anteriores a 1.690. • http://jvn.jp/en/jp/JVN32504719/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 76EXPL: 0

CVE-2014-3884

https://notcve.org/view.php?id=CVE-2014-3884

20 Jul 2014 — Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. Vulnerabilidad de XSS en Usermin anterior a 1.600 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. NOTA: esto podría solarse con CVE-2014-3924. • http://jvn.jp/en/jp/JVN92737498/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.4EPSS: 0%CPEs: 76EXPL: 0

CVE-2014-3883

https://notcve.org/view.php?id=CVE-2014-3883

21 Jun 2014 — Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. Usermin anterior a 1.600 permite a atacantes remotos ejecutar comandos arbitrarios del sistema operativo a través de vectores no especificados relacionados con una acción del usuario. • http://jvn.jp/en/jp/JVN48805624/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •