Webmin

Webmin

92 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-12828

  • EPSS 2.33%
  • Veröffentlicht 30.12.2024 17:15:07
  • Zuletzt bearbeitet 14.08.2025 18:41:57

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw ...

7.5

CVE-2024-45692

  • EPSS 0.08%
  • Veröffentlicht 04.09.2024 23:15:12
  • Zuletzt bearbeitet 05.09.2024 21:35:14

Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.

6.1

CVE-2024-36453

  • EPSS 0.22%
  • Veröffentlicht 10.07.2024 07:15:03
  • Zuletzt bearbeitet 08.10.2025 16:54:02

Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed ...

3.1

CVE-2024-36452

  • EPSS 0.15%
  • Veröffentlicht 10.07.2024 07:15:03
  • Zuletzt bearbeitet 08.10.2025 16:53:35

Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data wit...

8.8

CVE-2024-36451

  • EPSS 0.13%
  • Veröffentlicht 10.07.2024 07:15:03
  • Zuletzt bearbeitet 08.10.2025 16:54:20

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a sy...

5.4

CVE-2024-36450

  • EPSS 0.18%
  • Veröffentlicht 10.07.2024 07:15:02
  • Zuletzt bearbeitet 13.03.2025 15:15:44

Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result...

4.8

CVE-2023-52046

Exploit
  • EPSS 0.04%
  • Veröffentlicht 25.01.2024 21:15:08
  • Zuletzt bearbeitet 30.05.2025 15:15:27

Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.

4.8

CVE-2023-43309

Exploit
  • EPSS 0.06%
  • Veröffentlicht 21.09.2023 14:15:10
  • Zuletzt bearbeitet 21.11.2024 08:23:58

There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.

6.1

CVE-2023-40983

Exploit
  • EPSS 0.88%
  • Veröffentlicht 15.09.2023 04:15:10
  • Zuletzt bearbeitet 21.11.2024 08:20:22

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

5.4

CVE-2023-40982

Exploit
  • EPSS 0.26%
  • Veröffentlicht 15.09.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:20:21

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.