Product: Webmin (Webmin)
Repositories: https://github.com/webmin/webmin
#Vulnerabilities: 88
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-10-19 | CVE-2017-15645 | CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker can execute arbitrary commands. | Webmin | 8.8 | | |
| 2017-10-19 | CVE-2017-15644 | SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | Webmin | 8.6 | | |
| 2015-02-10 | CVE-2015-1377 | The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | Webmin | N/A | | |
| 2014-05-30 | CVE-2014-3924 | Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. | Usermin, Webmin | N/A | | |
| 2014-07-20 | CVE-2014-3886 | Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | Webmin | N/A | | |
| 2014-07-20 | CVE-2014-3885 | Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | Webmin | N/A | | |
| 2014-03-16 | CVE-2014-0339 | Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | Webmin | N/A | | |
| 2011-05-31 | CVE-2011-1937 | Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl. | Webmin | N/A | | |
| 2010-01-05 | CVE-2009-4568 | Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Usermin, Webmin | N/A | | |
| 2008-02-12 | CVE-2008-0720 | Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information. | Usermin, Webmin | N/A | | |