Vulnerabilities > Webmin > Webmin > 1.930

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-45692 Infinite Loop vulnerability in multiple products
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
network
low complexity
virtualmin webmin CWE-835
7.5
7.5
2024-01-25 CVE-2023-52046 Cross-site Scripting vulnerability in Webmin
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
network
low complexity
webmin CWE-79
4.8
4.8
2023-09-21 CVE-2023-43309 Cross-site Scripting vulnerability in Webmin
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
network
low complexity
webmin CWE-79
4.8
4.8
2022-07-25 CVE-2022-36446 Improper Encoding or Escaping of Output vulnerability in Webmin
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
network
low complexity
webmin CWE-116
critical
 9.8
9.8
2022-05-15 CVE-2022-30708 Unspecified vulnerability in Webmin
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin).
network
low complexity
webmin
8.8
8.8
2022-03-02 CVE-2022-0824 Unspecified vulnerability in Webmin
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
network
low complexity
webmin
8.8
8.8
2022-03-02 CVE-2022-0829 Unspecified vulnerability in Webmin
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
network
low complexity
webmin
8.1
8.1
2020-12-21 CVE-2020-35606 OS Command Injection vulnerability in Webmin
Arbitrary command execution can occur in Webmin through 1.962.
network
low complexity
webmin CWE-78
8.8
8.8
2020-10-12 CVE-2020-8821 Cross-site Scripting vulnerability in Webmin
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint.
network
low complexity
webmin CWE-79
5.4
5.4
2020-10-12 CVE-2020-8820 Cross-site Scripting vulnerability in Webmin
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint.
network
low complexity
webmin CWE-79
5.4
5.4