Webmin Webmin

  1. Vendors
  2. Webmin
Do you want an email whenever new security vulnerabilities are reported in any Webmin product?

Products by Webmin Sorted by Most Security Vulnerabilities since 2018

Webmin45 vulnerabilities

Webmin Usermin13 vulnerabilities

Known Exploited Webmin Vulnerabilities

The following Webmin vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Webmin Command Injection Vulnerability An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability. CVE-2019-15107 March 25, 2022

By the Year

In 2024 there have been 1 vulnerability in Webmin with an average score of 4.8 out of ten. Last year Webmin had 27 security vulnerabilities published. Right now, Webmin is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.76

Year Vulnerabilities Average Score
2024 1 4.80
2023 27 5.56
2022 14 7.91
2021 3 9.07
2020 4 6.43
2019 6 7.85
2018 1 9.80

It may take a day or so for new Webmin vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Webmin Security Vulnerabilities

Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier

CVE-2023-52046 4.8 - Medium - January 25, 2024

Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.

XSS

There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which

CVE-2023-43309 4.8 - Medium - September 21, 2023

There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.

XSS

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000

CVE-2023-41157 5.4 - Medium - September 16, 2023

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab.

XSS

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100

CVE-2023-40983 6.1 - Medium - September 15, 2023

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

XSS

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100

CVE-2023-40982 5.4 - Medium - September 15, 2023

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

XSS

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100

CVE-2023-40984 5.4 - Medium - September 15, 2023

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.

XSS

A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100

CVE-2023-40986 5.4 - Medium - September 15, 2023

A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.

XSS

An issue was discovered in Webmin 2.100

CVE-2023-40985 5.4 - Medium - September 15, 2023

An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.

XSS

A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000

CVE-2023-41159 5.4 - Medium - September 14, 2023

A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.

XSS

A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001

CVE-2023-41156 5.4 - Medium - September 14, 2023

A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.

XSS

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001

CVE-2023-41160 5.4 - Medium - September 14, 2023

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.

XSS

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000

CVE-2023-41162 6.1 - Medium - September 13, 2023

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down.

XSS

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000

CVE-2023-41152 5.4 - Medium - September 13, 2023

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program.

XSS

A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000

CVE-2023-41154 5.4 - Medium - September 13, 2023

A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.

XSS

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000

CVE-2023-41155 5.4 - Medium - September 13, 2023

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.

XSS

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000

CVE-2023-41158 5.4 - Medium - September 13, 2023

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program.

XSS

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000

CVE-2023-41161 5.4 - Medium - September 07, 2023

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.

XSS

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000

CVE-2023-41163 6.1 - Medium - August 30, 2023

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.

XSS

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001

CVE-2023-41153 5.4 - Medium - August 29, 2023

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.

XSS

An issue was discovered in Webmin 2.021

CVE-2023-38308 6.1 - Medium - July 31, 2023

An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.

XSS

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.