Vulnerabilities > Webmin

DATE CVE VULNERABILITY TITLE RISK

2014-03-16 CVE-2014-0339 Cross-Site Scripting vulnerability in Webmin
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
network, webmin, CWE-79
Risk: 4.3

2011-05-31 CVE-2011-1937 Cross-Site Scripting vulnerability in Webmin
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
network, webmin, CWE-79
Risk: 4.3

2010-01-05 CVE-2009-4568 Cross-Site Scripting vulnerability in Webmin Usermin and Webmin
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, webmin, CWE-79
Risk: 4.3

2008-02-12 CVE-2008-0720 Cross-Site Scripting vulnerability in Webmin Usermin and Webmin
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information.
network, webmin, CWE-79
Risk: 4.3

2007-09-24 CVE-2007-5066 Improper Input Validation vulnerability in Webmin
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
network, low complexity, webmin, CWE-20
Risk: critical, 9.0

2007-06-11 CVE-2007-3156 Cross-Site Scripting vulnerability in Webmin Usermin and Webmin
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter.
network, webmin, CWE-79
Risk: 4.3

2007-03-05 CVE-2007-1276 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
Risk: 4.3

2006-09-05 CVE-2006-4542 Cross-Site Scripting vulnerability in multiple products
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
Risk: 6.8

2006-07-06 CVE-2006-3392 Information Disclosure vulnerability in Webmin/Usermin Unspecified
Webmin before 1.290 and Usermin before 1.220 call the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename.
network, low complexity, usermin, webmin
Risk: 5.0

2006-06-28 CVE-2006-3274 Remote Directory Traversal vulnerability in Webmin
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.
network, low complexity, webmin
Risk: 5.0