Vulnerabilities > Webmin > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-12 | CVE-2020-8820 | Cross-site Scripting vulnerability in Webmin An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. | 3.5 |
2020-10-12 | CVE-2020-8821 | Injection vulnerability in Webmin An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. | 3.5 |
2019-03-21 | CVE-2018-19191 | Cross-site Scripting vulnerability in Webmin 1.890 Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | 3.5 |
2017-12-30 | CVE-2017-17089 | Cross-site Scripting vulnerability in Webmin custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | 3.5 |
2014-07-20 | CVE-2014-3886 | Cross-Site Scripting vulnerability in Webmin Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2004-10-20 | CVE-2004-0559 | The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. | 2.1 |
2002-12-31 | CVE-2002-1672 | Unspecified vulnerability in Webmin 0.92/0.92.1 Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials. | 2.1 |
2002-12-31 | CVE-2002-1673 | Unspecified vulnerability in Webmin The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file. | 3.6 |
2001-03-26 | CVE-2001-0222 | Unspecified vulnerability in Webmin 0.83 webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. | 1.2 |