Shodan
Vulnerabilities
Vulnerable Software
Webmin:  Security Vulnerabilities
CVE-2023-43309
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-09-21
CVE-2023-41157
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-16
CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
CVSS Score
6.1
EPSS Score
0.009
Published
2023-09-15
CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-09-15
CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-09-15
CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-09-15
CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-09-15
CVE-2023-41156
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-14
CVE-2023-41159
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-14
CVE-2023-41160
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved