Webmin: Security Vulnerabilities

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.
CVSS Score: 6.1
EPSS Score: 0.081
Published: 2022-04-11

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVSS Score: 6.1
EPSS Score: 0.081
Published: 2022-04-11

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVSS Score: 8.8
EPSS Score: 0.08
Published: 2022-04-11

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS Score: 8.3
EPSS Score: 0.938
Published: 2022-03-02

Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-03-02

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
CVSS Score: 8.8
EPSS Score: 0.399
Published: 2021-04-25

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
CVSS Score: 9.6
EPSS Score: 0.819
Published: 2021-04-25

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
CVSS Score: 8.8
EPSS Score: 0.227
Published: 2021-04-25

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-12-29

Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
CVSS Score: 8.8
EPSS Score: 0.817
Published: 2020-12-21

