Vulnerabilities > Webmin > Webmin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-02 | CVE-2022-0829 | Improper Authorization vulnerability in Webmin Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | 5.5 |
2021-04-25 | CVE-2021-31762 | Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | 6.8 |
2021-04-25 | CVE-2021-31761 | Cross-site Scripting vulnerability in Webmin 1.973 Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. | 6.8 |
2021-04-25 | CVE-2021-31760 | Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | 6.8 |
2020-12-29 | CVE-2020-35769 | Unspecified vulnerability in Webmin 1.962 miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. | 7.5 |
2020-12-21 | CVE-2020-35606 | OS Command Injection vulnerability in Webmin Arbitrary command execution can occur in Webmin through 1.962. | 9.0 |
2020-10-12 | CVE-2020-8821 | Injection vulnerability in Webmin An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. | 3.5 |
2020-10-12 | CVE-2020-8820 | Cross-site Scripting vulnerability in Webmin An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. | 3.5 |
2020-10-12 | CVE-2020-12670 | Cross-site Scripting vulnerability in Webmin XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. | 4.3 |
2019-08-26 | CVE-2019-15642 | Code Injection vulnerability in Webmin rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. | 6.5 |