
CVE-2023-41162
https://notcve.org/view.php?id=CVE-2023-41162
13 Sep 2023 — A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41161
https://notcve.org/view.php?id=CVE-2023-41161
07 Sep 2023 — Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41153
https://notcve.org/view.php?id=CVE-2023-41153
29 Aug 2023 — A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. • https://github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-35132
https://notcve.org/view.php?id=CVE-2022-35132
25 Oct 2022 — Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. • https://github.com/ly1g3/webmin-usermin-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-36880
https://notcve.org/view.php?id=CVE-2022-36880
27 Jul 2022 — The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. • https://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-4897
https://notcve.org/view.php?id=CVE-2016-4897
12 Apr 2017 — Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. • http://jvn.jp/en/jp/JVN32504719/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3884
https://notcve.org/view.php?id=CVE-2014-3884
20 Jul 2014 — Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. • http://jvn.jp/en/jp/JVN92737498/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3883
https://notcve.org/view.php?id=CVE-2014-3883
21 Jun 2014 — Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. • http://jvn.jp/en/jp/JVN48805624/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2009-4568
https://notcve.org/view.php?id=CVE-2009-4568
05 Jan 2010 — Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/37648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-0720
https://notcve.org/view.php?id=CVE-2008-0720
12 Feb 2008 — Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information. • http://forum.aria-security.net/showthread.php?t=511 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')