Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-09-04
Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-07-10
Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.
CVSS Score
3.1
EPSS Score
0.001
Published
2024-07-10
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-10
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-07-10
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
CVSS Score
4.8
EPSS Score
0.003
Published
2024-01-25
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-09-21
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS Score
9.8
EPSS Score
0.909
Published
2022-07-25
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
CVSS Score
8.8
EPSS Score
0.093
Published
2022-05-15
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS Score
8.3
EPSS Score
0.923
Published
2022-03-02
Page 1