Vulnerabilities > Webmin

DATE CVE VULNERABILITY TITLE RISK
2021-04-25 CVE-2021-31762 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
network
webmin CWE-352
6.8
2021-04-25 CVE-2021-31761 Cross-site Scripting vulnerability in Webmin 1.973
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
network
webmin CWE-79
6.8
2021-04-25 CVE-2021-31760 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
network
webmin CWE-352
6.8
2020-12-29 CVE-2020-35769 Unspecified vulnerability in Webmin 1.962
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
network
low complexity
webmin
7.5
2020-12-21 CVE-2020-35606 Command Injection vulnerability in Webmin
Arbitrary command execution can occur in Webmin through 1.962.
network
low complexity
webmin CWE-77
critical
9.0
2020-10-12 CVE-2020-8821 Injection vulnerability in Webmin
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint.
network
webmin CWE-74
3.5
2020-10-12 CVE-2020-8820 Cross-site Scripting vulnerability in Webmin
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint.
network
webmin CWE-79
3.5
2020-10-12 CVE-2020-12670 Cross-site Scripting vulnerability in Webmin
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails.
network
webmin CWE-79
4.3
2019-08-26 CVE-2019-15642 Code Injection vulnerability in Webmin
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call.
network
low complexity
webmin CWE-94
6.5
2019-08-26 CVE-2019-15641 XXE vulnerability in Webmin
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks.
network
low complexity
webmin CWE-611
6.8