Vulnerabilities > Webmin

DATE CVE VULNERABILITY TITLE RISK
2020-12-29 CVE-2020-35769 Unspecified vulnerability in Webmin 1.962
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
network
low complexity
webmin
7.5
2020-12-21 CVE-2020-35606 Command Injection vulnerability in Webmin
Arbitrary command execution can occur in Webmin through 1.962.
network
low complexity
webmin CWE-77
critical
9.0
2020-10-12 CVE-2020-8821 Injection vulnerability in Webmin
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint.
network
webmin CWE-74
3.5
2020-10-12 CVE-2020-8820 Cross-Site Scripting vulnerability in Webmin
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint.
network
webmin CWE-79
3.5
2020-10-12 CVE-2020-12670 Cross-Site Scripting vulnerability in Webmin
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails.
network
webmin CWE-79
4.3
2019-08-26 CVE-2019-15642 Code Injection vulnerability in Webmin
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call.
network
low complexity
webmin CWE-94
6.5
2019-08-26 CVE-2019-15641 XXE vulnerability in Webmin
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks.
network
low complexity
webmin CWE-611
6.8
2019-08-16 CVE-2019-15107 OS Command Injection vulnerability in Webmin
An issue was discovered in Webmin <=1.920.
network
low complexity
webmin CWE-78
critical
10.0
2019-06-15 CVE-2019-12840 OS Command Injection vulnerability in Webmin
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
network
low complexity
webmin CWE-78
critical
9.0
2019-03-21 CVE-2018-19191 Cross-Site Scripting vulnerability in Webmin 1.890
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.
network
webmin CWE-79
3.5