CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-52046
https://notcve.org/view.php?id=CVE-2023-52046
25 Jan 2024 — Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. Vulnerabilidad de cross site scripting (XSS) en webmin v.2.105 y versiones anteriores permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el campo de entrada de la pestaña "Execute cron job as". • https://github.com/Acklee/webadmin_xss/blob/main/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43309
https://notcve.org/view.php?id=CVE-2023-43309
21 Sep 2023 — There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Webmin 2.002 y versiones anteriores a través del archivo Cluster Cron Job tab Input, que permite a los atacantes ejecutar scripts maliciosos inyectando un payload manipulado. • https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 8CVE-2022-36446 – Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2022-36446
25 Jul 2022 — software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. El archivo software/apt-lib.pl en Webmin versiones anteriores a 1.997, carece de escape HTML para un comando de la Interfaz de Usuario Webmin version 1.996 suffers from an authenticated remote code execution vulnerability. • https://packetstorm.news/files/id/167894 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 3CVE-2022-30708
https://notcve.org/view.php?id=CVE-2022-30708
15 May 2022 — Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. Webmin versiones hasta 1.991, cuando es usado el tema Authentic, permite una ejecución de código remota cuando un usuario ha sido creado manualmente (es decir, no ha sido creado en Virtualmin o Cloudmin). Esto ocurre porque settings-editor_write.cgi... • https://github.com/esp0xdeadbeef/rce_webmin •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-0829 – Improper Authorization in webmin/webmin
https://notcve.org/view.php?id=CVE-2022-0829
02 Mar 2022 — Improper Authorization in GitHub repository webmin/webmin prior to 1.990. Una Autorización Inapropiada en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990 • https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 11CVE-2022-0824 – Improper Access Control to Remote Code Execution in webmin/webmin
https://notcve.org/view.php?id=CVE-2022-0824
02 Mar 2022 — Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. Un Control de Acceso Inapropiado para una Ejecución de Código Remota en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990 • https://packetstorm.news/files/id/166240 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 7%CPEs: 1EXPL: 5CVE-2020-35606 – Webmin 1.962 - 'Package Updates' Escape Bypass RCE
https://notcve.org/view.php?id=CVE-2020-35606
21 Dec 2020 — Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. Una ejecución de comandos arbitraria puede ocurrir en Webmin versiones hasta 1.962. Cualquier usuario autorizado para el módulo Package Updates puede ejecutar comandos arbitrarios con privilegios root por medio de vectores que involu... • https://packetstorm.news/files/id/160676 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12670
https://notcve.org/view.php?id=CVE-2020-12670
12 Oct 2020 — XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email. Se presenta una vulnerabilidad de tipo XSS en Webmin versiones 1.941 y anteriores, afectando a ... • https://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8821
https://notcve.org/view.php?id=CVE-2020-8821
12 Oct 2020 — An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users. Se presenta una vulnerabilidad de Comprobación de Datos Inapropiada en Webmin versiones 1.941 y anteriores, afectando al Endpoint Command Shell. • https://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8820
https://notcve.org/view.php?id=CVE-2020-8820
12 Oct 2020 — An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. Se presenta una vulnerabilidad de tipo XSS en Webmin versiones 1.941 y anteriores, afectando al Endpoint Cluster Shell Commands. Un usuario puede ingresar cualquier Carga Útil XSS en el campo Command y ejecutarlo. • https://www.webmin.com/security.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •