Vulnerabilities > Webmin

DATE CVE VULNERABILITY TITLE RISK
2022-04-11 CVE-2021-32161 Cross-site Scripting vulnerability in Webmin 1.973
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
network
low complexity
webmin CWE-79
6.1
2022-04-11 CVE-2021-32162 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
network
low complexity
webmin CWE-352
8.8
2022-03-02 CVE-2022-0824 Unspecified vulnerability in Webmin
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
network
low complexity
webmin
8.8
2022-03-02 CVE-2022-0829 Unspecified vulnerability in Webmin
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
network
low complexity
webmin
8.1
2021-04-25 CVE-2021-31762 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
network
low complexity
webmin CWE-352
8.8
2021-04-25 CVE-2021-31761 Cross-site Scripting vulnerability in Webmin 1.973
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
network
low complexity
webmin CWE-79
critical
9.6
2021-04-25 CVE-2021-31760 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
network
low complexity
webmin CWE-352
8.8
2020-12-29 CVE-2020-35769 Unspecified vulnerability in Webmin 1.962
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
network
low complexity
webmin
critical
9.8
2020-12-21 CVE-2020-35606 OS Command Injection vulnerability in Webmin
Arbitrary command execution can occur in Webmin through 1.962.
network
low complexity
webmin CWE-78
8.8
2020-10-12 CVE-2020-8821 Cross-site Scripting vulnerability in Webmin
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint.
network
low complexity
webmin CWE-79
5.4