Webmin

Webmin

94 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2025-67738

  • EPSS 0.05%
  • Veröffentlicht 11.12.2025 06:34:10
  • Zuletzt bearbeitet 18.12.2025 14:16:00

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager...

7.1

CVE-2025-61541

Exploit
  • EPSS 0.05%
  • Veröffentlicht 16.10.2025 00:00:00
  • Zuletzt bearbeitet 06.11.2025 22:20:36

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_email_url(). An attacker can manipulate the Host header...

8.8

CVE-2024-12828

  • EPSS 21.72%
  • Veröffentlicht 30.12.2024 17:15:07
  • Zuletzt bearbeitet 14.08.2025 18:41:57

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw ...

7.5

CVE-2024-45692

  • EPSS 0.05%
  • Veröffentlicht 04.09.2024 23:15:12
  • Zuletzt bearbeitet 05.09.2024 21:35:14

Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.

6.1

CVE-2024-36453

  • EPSS 0.3%
  • Veröffentlicht 10.07.2024 07:15:03
  • Zuletzt bearbeitet 08.10.2025 16:54:02

Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed ...

3.1

CVE-2024-36452

  • EPSS 0.15%
  • Veröffentlicht 10.07.2024 07:15:03
  • Zuletzt bearbeitet 08.10.2025 16:53:35

Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data wit...

8.8

CVE-2024-36451

  • EPSS 0.15%
  • Veröffentlicht 10.07.2024 07:15:03
  • Zuletzt bearbeitet 08.10.2025 16:54:20

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a sy...

5.4

CVE-2024-36450

  • EPSS 0.24%
  • Veröffentlicht 10.07.2024 07:15:02
  • Zuletzt bearbeitet 13.03.2025 15:15:44

Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result...

4.8

CVE-2023-52046

Exploit
  • EPSS 0.04%
  • Veröffentlicht 25.01.2024 21:15:08
  • Zuletzt bearbeitet 30.05.2025 15:15:27

Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.

4.8

CVE-2023-43309

Exploit
  • EPSS 0.06%
  • Veröffentlicht 21.09.2023 14:15:10
  • Zuletzt bearbeitet 21.11.2024 08:23:58

There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.