CVE-2023-38311
https://notcve.org/view.php?id=CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-38304
https://notcve.org/view.php?id=CVE-2023-38304
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-3844 – Webmin index.cgi cross site scripting
https://notcve.org/view.php?id=CVE-2022-3844
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. • https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811 https://github.com/webmin/webmin/releases/tag/2.003 https://vuldb.com/?ctiid.212862 https://vuldb.com/?id.212862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2022-35132
https://notcve.org/view.php?id=CVE-2022-35132
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. • https://github.com/ly1g3/webmin-usermin-vulnerabilities https://webmin.com/uchanges.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-36880
https://notcve.org/view.php?id=CVE-2022-36880
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. • https://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •