Webmin: >> Usermin >> 1.803 Security Vulnerabilities
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-10
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
CVSS Score
8.8
EPSS Score
0.12
Published
2022-10-25
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-07-27