CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:webmin:webmin:1.953:*:*:*:*:*:*:*
Informations
Vendor
webminProduct
webminVersion
1.953Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. | 7.5 |
High |
||
| Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. | 4.8 |
Medium |
||
| There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. | 4.8 |
Medium |
||
| software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | 9.8 |
Critical |
||
| Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | 8.8 |
High |
||
| Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | 8.1 |
High |
||
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | 8.8 |
High |
||
| Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. | 8.8 |
High |
2025©
tesweb SA
