custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2017-12-30 | Updated: 2018-01-12
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.
Max CVSS: 6.1 | EPSS Score: 0.24% | Published: 2017-10-19 | Updated: 2017-11-08
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
Max CVSS: 6.1 | EPSS Score: 0.21% | Published: 2017-07-04 | Updated: 2017-07-10
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 6.1 | EPSS Score: 0.12% | Published: 2017-04-28 | Updated: 2017-05-10
Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.
Max CVSS: 6.1 | EPSS Score: 0.12% | Published: 2017-04-12 | Updated: 2017-04-19
5 vulnerabilities found