Show filters
109 Total Results
Displaying 41-50 of 109
Sort by:
Attacker Value
Unknown

CVE-2022-30708

Disclosure Date: May 15, 2022 (last updated October 07, 2023)
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-32162

Disclosure Date: April 11, 2022 (last updated February 23, 2025)
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-32161

Disclosure Date: April 11, 2022 (last updated February 23, 2025)
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-32160

Disclosure Date: April 11, 2022 (last updated February 23, 2025)
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-32159

Disclosure Date: April 11, 2022 (last updated February 23, 2025)
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-32158

Disclosure Date: April 11, 2022 (last updated February 23, 2025)
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-32157

Disclosure Date: April 11, 2022 (last updated February 23, 2025)
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-32156

Disclosure Date: April 11, 2022 (last updated February 23, 2025)
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-0829

Disclosure Date: March 02, 2022 (last updated February 23, 2025)
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0824

Disclosure Date: March 02, 2022 (last updated February 23, 2025)
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  < Previous  Next >