Webmin
Products by Webmin Sorted by Most Security Vulnerabilities since 2018
Known Exploited Webmin Vulnerabilities
The following Webmin vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Webmin Command Injection Vulnerability | An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability. CVE-2019-15107 | March 25, 2022 |
By the Year
In 2024 there have been 1 vulnerability in Webmin with an average score of 4.8 out of ten. Last year Webmin had 27 security vulnerabilities published. Right now, Webmin is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.76
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 4.80 |
2023 | 27 | 5.56 |
2022 | 14 | 7.91 |
2021 | 3 | 9.07 |
2020 | 4 | 6.43 |
2019 | 6 | 7.85 |
2018 | 1 | 9.80 |
It may take a day or so for new Webmin vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Webmin Security Vulnerabilities
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier
CVE-2023-52046
4.8 - Medium
- January 25, 2024
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
XSS
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which
CVE-2023-43309
4.8 - Medium
- September 21, 2023
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000
CVE-2023-41157
5.4 - Medium
- September 16, 2023
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab.
XSS
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100
CVE-2023-40983
6.1 - Medium
- September 15, 2023
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
XSS
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100
CVE-2023-40982
5.4 - Medium
- September 15, 2023
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
XSS
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100
CVE-2023-40984
5.4 - Medium
- September 15, 2023
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
XSS
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100
CVE-2023-40986
5.4 - Medium
- September 15, 2023
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
XSS
An issue was discovered in Webmin 2.100
CVE-2023-40985
5.4 - Medium
- September 15, 2023
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
XSS
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000
CVE-2023-41159
5.4 - Medium
- September 14, 2023
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.
XSS
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001
CVE-2023-41156
5.4 - Medium
- September 14, 2023
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
XSS
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001
CVE-2023-41160
5.4 - Medium
- September 14, 2023
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.
XSS
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000
CVE-2023-41162
6.1 - Medium
- September 13, 2023
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down.
XSS
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000
CVE-2023-41152
5.4 - Medium
- September 13, 2023
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program.
XSS
A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000
CVE-2023-41154
5.4 - Medium
- September 13, 2023
A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.
XSS
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000
CVE-2023-41155
5.4 - Medium
- September 13, 2023
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
XSS
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000
CVE-2023-41158
5.4 - Medium
- September 13, 2023
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program.
XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000
CVE-2023-41161
5.4 - Medium
- September 07, 2023
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.
XSS
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000
CVE-2023-41163
6.1 - Medium
- August 30, 2023
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.
XSS
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001
CVE-2023-41153
5.4 - Medium
- August 29, 2023
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.
XSS
An issue was discovered in Webmin 2.021
CVE-2023-38308
6.1 - Medium
- July 31, 2023
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
XSS