Webmin: Security Vulnerabilities
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-07-27
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS Score
9.8
EPSS Score
0.929
Published
2022-07-25
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
CVSS Score
8.8
EPSS Score
0.047
Published
2022-05-15
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
CVSS Score
8.8
EPSS Score
0.08
Published
2022-04-11
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
CVSS Score
9.6
EPSS Score
0.253
Published
2022-04-11
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
CVSS Score
6.1
EPSS Score
0.081
Published
2022-04-11
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
CVSS Score
8.8
EPSS Score
0.08
Published
2022-04-11
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.
CVSS Score
6.1
EPSS Score
0.081
Published
2022-04-11
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVSS Score
6.1
EPSS Score
0.081
Published
2022-04-11
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVSS Score
8.8
EPSS Score
0.08
Published
2022-04-11