Webmin: Webmin 1.954 Security Vulnerabilities
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2024-09-04
Cross-site scripting (XSS) vulnerability in Webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
CVSS Score: 4.8; EPSS Score: 0.001; Published: 2024-01-25
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
CVSS Score: 4.8; EPSS Score: 0.001; Published: 2023-09-21
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS Score: 9.8; EPSS Score: 0.938; Published: 2022-07-25
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
CVSS Score: 8.8; EPSS Score: 0.026; Published: 2022-05-15
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS Score: 8.3; EPSS Score: 0.94; Published: 2022-03-02
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2022-03-02
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
CVSS Score: 8.8; EPSS Score: 0.817; Published: 2020-12-21