Vulnerabilities > Webmin

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-45692 Infinite Loop vulnerability in multiple products
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
network
low complexity
virtualmin webmin CWE-835
7.5
2024-07-10 CVE-2024-36450 Cross-site Scripting vulnerability in Webmin
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910.
network
low complexity
webmin CWE-79
5.4
2024-01-25 CVE-2023-52046 Cross-site Scripting vulnerability in Webmin
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
network
low complexity
webmin CWE-79
4.8
2023-09-21 CVE-2023-43309 Cross-site Scripting vulnerability in Webmin
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
network
low complexity
webmin CWE-79
4.8
2023-09-16 CVE-2023-41157 Cross-site Scripting vulnerability in Webmin Usermin 2.000
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab.
network
low complexity
webmin CWE-79
5.4
2023-09-15 CVE-2023-40983 Cross-site Scripting vulnerability in Webmin 2.100
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
network
low complexity
webmin CWE-79
6.1
2023-09-15 CVE-2023-40982 Cross-site Scripting vulnerability in Webmin 2.100
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
network
low complexity
webmin CWE-79
5.4
2023-09-15 CVE-2023-40984 Cross-site Scripting vulnerability in Webmin 2.100
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
network
low complexity
webmin CWE-79
5.4
2023-09-15 CVE-2023-40985 Cross-site Scripting vulnerability in Webmin 2.100
An issue was discovered in Webmin 2.100.
network
low complexity
webmin CWE-79
5.4
2023-09-15 CVE-2023-40986 Cross-site Scripting vulnerability in Webmin 2.100
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
network
low complexity
webmin CWE-79
5.4