CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-52046
https://notcve.org/view.php?id=CVE-2023-52046
25 Jan 2024 — Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. Vulnerabilidad de cross site scripting (XSS) en webmin v.2.105 y versiones anteriores permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el campo de entrada de la pestaña "Execute cron job as". • https://github.com/Acklee/webadmin_xss/blob/main/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43309
https://notcve.org/view.php?id=CVE-2023-43309
21 Sep 2023 — There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Webmin 2.002 y versiones anteriores a través del archivo Cluster Cron Job tab Input, que permite a los atacantes ejecutar scripts maliciosos inyectando un payload manipulado. • https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 93%CPEs: 1EXPL: 8CVE-2022-36446 – Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2022-36446
25 Jul 2022 — software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. El archivo software/apt-lib.pl en Webmin versiones anteriores a 1.997, carece de escape HTML para un comando de la Interfaz de Usuario Webmin version 1.996 suffers from an authenticated remote code execution vulnerability. • https://packetstorm.news/files/id/167894 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 3CVE-2022-30708
https://notcve.org/view.php?id=CVE-2022-30708
15 May 2022 — Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. Webmin versiones hasta 1.991, cuando es usado el tema Authentic, permite una ejecución de código remota cuando un usuario ha sido creado manualmente (es decir, no ha sido creado en Virtualmin o Cloudmin). Esto ocurre porque settings-editor_write.cgi... • https://github.com/esp0xdeadbeef/rce_webmin •
CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 1CVE-2021-32162
https://notcve.org/view.php?id=CVE-2021-32162
11 Apr 2022 — A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. Se presenta una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Webmin versión 1.973, mediante la funcionalidad File Manager • https://github.com/Mesh3l911/CVE-2021-32162 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 1CVE-2021-32161
https://notcve.org/view.php?id=CVE-2021-32161
11 Apr 2022 — A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versión 1.973 mediante la función File Manager • https://github.com/Mesh3l911/CVE-2021-32161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 1CVE-2021-32160
https://notcve.org/view.php?id=CVE-2021-32160
11 Apr 2022 — A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versión 1.973, mediante la funcionalidad Add Users • https://github.com/Mesh3l911/CVE-2021-32160 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 1CVE-2021-32159
https://notcve.org/view.php?id=CVE-2021-32159
11 Apr 2022 — A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. Se presenta una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Webmin versión 1.973, por medio de la funcionalidad Upload and Download • https://github.com/Mesh3l911/CVE-2021-32159 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 1CVE-2021-32158
https://notcve.org/view.php?id=CVE-2021-32158
11 Apr 2022 — A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin 1.973 por medio de la funcionalidad Upload and Download • https://github.com/Mesh3l911/CVE-2021-32158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 11%CPEs: 1EXPL: 2CVE-2021-32157
https://notcve.org/view.php?id=CVE-2021-32157
11 Apr 2022 — A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versión 1.973, por medio de la funcionalidad Scheduled Cron Jobs • https://github.com/Mesh3l911/CVE-2021-32157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •