CVE-2014-0339
- EPSS 1.57%
- Veröffentlicht 16.03.2014 14:06:45
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2011-1937
- EPSS 1.92%
- Veröffentlicht 31.05.2011 20:55:05
- Zuletzt bearbeitet 16.06.2026 23:30:25
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
CVE-2009-4568
- EPSS 1.65%
- Veröffentlicht 05.01.2010 19:00:00
- Zuletzt bearbeitet 16.06.2026 23:13:54
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-0720
- EPSS 1.22%
- Veröffentlicht 12.02.2008 02:00:00
- Zuletzt bearbeitet 16.06.2026 22:50:12
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other c...
- EPSS 2.45%
- Veröffentlicht 24.09.2007 23:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:23
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
CVE-2007-3156
- EPSS 1.57%
- Veröffentlicht 11.06.2007 22:30:00
- Zuletzt bearbeitet 16.06.2026 22:41:10
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of...
CVE-2007-1276
- EPSS 0.62%
- Veröffentlicht 05.03.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:16
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
CVE-2006-4542
- EPSS 2.97%
- Veröffentlicht 05.09.2006 23:04:00
- Zuletzt bearbeitet 16.06.2026 22:29:18
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute program...
- EPSS 77.95%
- Veröffentlicht 06.07.2006 20:05:00
- Zuletzt bearbeitet 16.06.2026 22:26:58
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before byt...
- EPSS 2.36%
- Veröffentlicht 28.06.2006 22:05:00
- Zuletzt bearbeitet 16.06.2026 22:26:45
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.