Vulnerabilities > Webmin > Usermin > 1.160

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-35132 OS Command Injection vulnerability in Webmin Usermin
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
network
low complexity
webmin CWE-78
8.8
2022-07-27 CVE-2022-36880 Cross-site Scripting vulnerability in Webmin Usermin
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
network
webmin CWE-79
4.3
2017-04-12 CVE-2016-4897 Cross-site Scripting vulnerability in Webmin Usermin
Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.
network
webmin CWE-79
4.3
2014-07-20 CVE-2014-3884 Cross-Site Scripting vulnerability in Webmin Usermin
Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
webmin CWE-79
4.3
2014-06-21 CVE-2014-3883 OS Command Injection vulnerability in Webmin Usermin
Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.
network
webmin CWE-78
6.8
2007-06-11 CVE-2007-3156 Cross-Site Scripting vulnerability in Webmin Usermin and Webmin
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter.
network
webmin CWE-79
4.3