Vulnerabilities > Webmin > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-27 | CVE-2022-36880 | Cross-site Scripting vulnerability in Webmin Usermin The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | 6.1 |
| 2022-04-11 | CVE-2021-32158 | Cross-site Scripting vulnerability in Webmin 1.973 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | 6.1 |
| 2022-04-11 | CVE-2021-32160 | Cross-site Scripting vulnerability in Webmin 1.973 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. | 6.1 |
| 2022-04-11 | CVE-2021-32161 | Cross-site Scripting vulnerability in Webmin 1.973 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. | 6.1 |
| 2020-10-12 | CVE-2020-8821 | Cross-site Scripting vulnerability in Webmin An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. | 5.4 |
| 2020-10-12 | CVE-2020-8820 | Cross-site Scripting vulnerability in Webmin An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. | 5.4 |
| 2020-10-12 | CVE-2020-12670 | Cross-site Scripting vulnerability in Webmin XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. | 6.1 |
| 2019-08-26 | CVE-2019-15641 | XXE vulnerability in Webmin xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. | 6.5 |
| 2019-03-21 | CVE-2018-19191 | Cross-site Scripting vulnerability in Webmin 1.890 Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | 5.4 |
| 2017-12-30 | CVE-2017-17089 | Cross-site Scripting vulnerability in Webmin custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | 4.8 |