Vulnerabilities > Webmin > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-25 CVE-2022-36446 Improper Encoding or Escaping of Output vulnerability in Webmin
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
network
low complexity
webmin CWE-116
critical
 9.8
9.8
2022-04-11 CVE-2021-32157 Cross-site Scripting vulnerability in Webmin 1.973
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
network
low complexity
webmin CWE-79
critical
 9.6
9.6
2021-04-25 CVE-2021-31761 Cross-site Scripting vulnerability in Webmin 1.973
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
network
low complexity
webmin CWE-79
critical
 9.6
9.6
2020-12-29 CVE-2020-35769 Unspecified vulnerability in Webmin 1.962
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
network
low complexity
webmin
critical
 9.8
9.8
2019-08-16 CVE-2019-15107 OS Command Injection vulnerability in Webmin
An issue was discovered in Webmin <=1.920.
network
low complexity
webmin CWE-78
critical
 9.8
9.8
2018-03-14 CVE-2018-8712 Path Traversal vulnerability in Webmin 1.840/1.880
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled.
network
low complexity
webmin CWE-22
critical
 9.8
9.8