Shodan
Vulnerabilities
Vulnerable Software
Webmin:  >> Webmin  >> 2.302  Security Vulnerabilities
CVE-2026-22678
Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting unsanitized input stored in save_tmpl.cgi and rendered unescaped in list_tmpls.cgi.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-05-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved