CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32158
https://notcve.org/view.php?id=CVE-2021-32158
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin 1.973 por medio de la funcionalidad Upload and Download • https://github.com/Mesh3l911/CVE-2021-32158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 2CVE-2021-32157
https://notcve.org/view.php?id=CVE-2021-32157
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versión 1.973, por medio de la funcionalidad Scheduled Cron Jobs • https://github.com/Mesh3l911/CVE-2021-32157 https://github.com/dnr6419/CVE-2021-32157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32156
https://notcve.org/view.php?id=CVE-2021-32156
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. Se presenta una vulnerabilidad de tipo cross-site request forgery (CSRF) en Webmin versión 1.973, por medio de la funcionalidad Scheduled Cron Jobs • https://github.com/Mesh3l911/CVE-2021-32156 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-0829 – Improper Authorization in webmin/webmin
https://notcve.org/view.php?id=CVE-2022-0829
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. Una Autorización Inapropiada en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990 • https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9 https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 8CVE-2022-0824 – Improper Access Control to Remote Code Execution in webmin/webmin
https://notcve.org/view.php?id=CVE-2022-0824
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. Un Control de Acceso Inapropiado para una Ejecución de Código Remota en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990 • https://www.exploit-db.com/exploits/50809 https://github.com/faisalfs10x/Webmin-CVE-2022-0824-revshell https://github.com/pizza-power/golang-webmin-CVE-2022-0824-revshell https://github.com/honypot/CVE-2022-0824 http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38 https://huntr.dev/bounties/d0049a96-de • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •