Vulnerabilities > Webmin

DATE CVE VULNERABILITY TITLE RISK
2017-10-19 CVE-2017-15646 Cross-site Scripting vulnerability in Webmin
Webmin before 1.860 has XSS with resultant remote code execution.
network
low complexity
webmin CWE-79
6.1
2017-10-19 CVE-2017-15645 Cross-Site Request Forgery (CSRF) vulnerability in Webmin
CSRF exists in Webmin 1.850.
network
low complexity
webmin CWE-352
8.8
2017-10-19 CVE-2017-15644 Server-Side Request Forgery (SSRF) vulnerability in Webmin
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
network
low complexity
webmin CWE-918
8.6
2017-07-04 CVE-2017-9313 Cross-site Scripting vulnerability in Webmin
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi.
network
low complexity
webmin CWE-79
6.1
2017-04-28 CVE-2017-2106 Cross-site Scripting vulnerability in Webmin
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
webmin CWE-79
6.1
2017-04-12 CVE-2016-4897 Cross-site Scripting vulnerability in Webmin Usermin
Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.
network
low complexity
webmin CWE-79
6.1