webmin
DevTools & CIoss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting webmin.
- CVE-2026-49102Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).6.1
- CVE-2025-61541Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_em...7.1
- CVE-2025-2774Уязвимость веб-панели управления сервером Webmin, позволяющая нарушителю повысить свои привилегии8.8
- CVE-2015-2079Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.9.9
- CVE-2024-12828Webmin CGI Command Injection Remote Code Execution Vulnerability8.8
- CVE-2024-44762A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.5.3
- CVE-2024-45692Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.7.5
- CVE-2024-36453Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be ...6.1
- CVE-2024-36452Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a ...3.1
- CVE-2024-36451Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked b...8.8
- CVE-2024-36450Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user wh...5.4
- CVE-2024-2169Implementations of UDP application protocols are susceptible to network loops and denial of service7.5
- CVE-2023-52046Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.4.8
- CVE-2023-43309There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a special...4.8
- CVE-2023-41157Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to ...5.4