Vulnerabilities > Webmin

DATE CVE VULNERABILITY TITLE RISK
2022-07-27 CVE-2022-36880 Cross-site Scripting vulnerability in Webmin Usermin
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
network
webmin CWE-79
4.3
2022-07-25 CVE-2022-36446 Improper Encoding or Escaping of Output vulnerability in Webmin
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
network
low complexity
webmin CWE-116
critical
9.8
2022-05-15 CVE-2022-30708 Unspecified vulnerability in Webmin
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin).
network
low complexity
webmin
6.5
2022-04-11 CVE-2021-32156 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
network
webmin CWE-352
6.8
2022-04-11 CVE-2021-32157 Cross-site Scripting vulnerability in Webmin 1.973
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
network
webmin CWE-79
6.8
2022-04-11 CVE-2021-32158 Cross-site Scripting vulnerability in Webmin 1.973
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
network
webmin CWE-79
4.3
2022-04-11 CVE-2021-32159 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
network
webmin CWE-352
6.8
2022-04-11 CVE-2021-32160 Cross-site Scripting vulnerability in Webmin 1.973
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.
network
webmin CWE-79
4.3
2022-04-11 CVE-2021-32161 Cross-site Scripting vulnerability in Webmin 1.973
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
network
webmin CWE-79
4.3
2022-04-11 CVE-2021-32162 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
network
webmin CWE-352
6.8