CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36452
https://notcve.org/view.php?id=CVE-2024-36452
10 Jul 2024 — Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted. Existe una vulnerabilidad de Cross-site request forgery en el módulo ajaxterm de las versiones de Webmin anteriores a la 2.003. Si se explota esta vulnerabilidad, se p... • https://jvn.jp/en/jp/JVN81442045 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36451
https://notcve.org/view.php?id=CVE-2024-36451
10 Jul 2024 — Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted. Existe una vulnerabilidad de manejo incorrecto de permisos o privilegios insuficientes en el módulo ajaxterm de Webmin anterior a 2.003. Si se aprovecha esta vulnerabilidad, u... • https://jvn.jp/en/jp/JVN81442045 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-52046
https://notcve.org/view.php?id=CVE-2023-52046
25 Jan 2024 — Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. Vulnerabilidad de cross site scripting (XSS) en webmin v.2.105 y versiones anteriores permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el campo de entrada de la pestaña "Execute cron job as". • https://github.com/Acklee/webadmin_xss/blob/main/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •