Webmin
This hub aggregates every CVE we track for Webmin, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
65
CVEs tracked
6
Critical
22
High
1
In CISA KEV
Severity distribution
MEDIUM35HIGH22CRITICAL6LOW2
Monthly trend
0
1
0
0
1
0
0
0
0
1
0
0
0
0
1
0
0
0
0
0
0
1
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Webmin.
- CVE-2026-49102Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).6.1
- CVE-2025-61541Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_em...7.1
- CVE-2025-2774Уязвимость веб-панели управления сервером Webmin, позволяющая нарушителю повысить свои привилегии8.8
- CVE-2024-12828Webmin CGI Command Injection Remote Code Execution Vulnerability8.8
- CVE-2024-45692Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.7.5
- CVE-2024-36453Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be ...6.1
- CVE-2024-36452Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a ...3.1
- CVE-2024-36451Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked b...8.8
- CVE-2024-36450Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user wh...5.4
- CVE-2024-2169Implementations of UDP application protocols are susceptible to network loops and denial of service7.5
- CVE-2023-52046Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.4.8
- CVE-2023-43309There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a special...4.8
- CVE-2023-40983A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Res...6.1
- CVE-2023-40985An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can i...5.4
- CVE-2023-40984A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in ...5.4
Product normalization is registry-driven with AI assist and human review. How it works