Vulnerabilities > Webmin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-19 | CVE-2017-15644 | Server-Side Request Forgery (SSRF) vulnerability in Webmin SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | 5.0 |
| 2017-07-04 | CVE-2017-9313 | Cross-site Scripting vulnerability in Webmin Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. | 4.3 |
| 2017-04-28 | CVE-2017-2106 | Cross-site Scripting vulnerability in Webmin Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2017-04-12 | CVE-2016-4897 | Cross-site Scripting vulnerability in Webmin Usermin Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. | 4.3 |
| 2015-02-10 | CVE-2015-1377 | Link Following vulnerability in Webmin The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | 4.9 |
| 2014-07-20 | CVE-2014-3886 | Cross-Site Scripting vulnerability in Webmin Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
| 2014-07-20 | CVE-2014-3885 | Cross-Site Scripting vulnerability in Webmin Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-07-20 | CVE-2014-3884 | Cross-Site Scripting vulnerability in Webmin Usermin Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-06-21 | CVE-2014-3883 | OS Command Injection vulnerability in Webmin Usermin Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | 6.8 |
| 2014-05-30 | CVE-2014-3924 | Cross-Site Scripting vulnerability in Webmin Userwin and Webmin Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. | 4.3 |