Vulnerabilities > Webmin > Webmin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-04 | CVE-2017-9313 | Cross-site Scripting vulnerability in Webmin Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. | 4.3 |
2017-04-28 | CVE-2017-2106 | Cross-site Scripting vulnerability in Webmin Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-02-10 | CVE-2015-1377 | Link Following vulnerability in Webmin The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | 4.9 |
2014-07-20 | CVE-2014-3886 | Cross-Site Scripting vulnerability in Webmin Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2014-07-20 | CVE-2014-3885 | Cross-Site Scripting vulnerability in Webmin Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-30 | CVE-2014-3924 | Cross-Site Scripting vulnerability in Webmin Userwin and Webmin Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. | 4.3 |
2014-03-16 | CVE-2014-0339 | Cross-Site Scripting vulnerability in Webmin Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2011-05-31 | CVE-2011-1937 | Cross-Site Scripting vulnerability in Webmin Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl. | 4.3 |
2010-01-05 | CVE-2009-4568 | Cross-Site Scripting vulnerability in Webmin Usermin and Webmin Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-02-12 | CVE-2008-0720 | Cross-Site Scripting vulnerability in Webmin Usermin and Webmin Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information. | 4.3 |