Shodan
Vulnerabilities
Vulnerable Software
Webmin:  >> Webmin  >> 2.100  Security Vulnerabilities
CVE-2026-22678
Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting unsanitized input stored in save_tmpl.cgi and rendered unescaped in list_tmpls.cgi.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-05-21
CVE-2024-45692
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-09-04
CVE-2023-52046
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-01-25
CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
CVSS Score
6.1
EPSS Score
0.007
Published
2023-09-15
CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-09-15
CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-09-15
CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-09-15
CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-09-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved