This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Webmin
Product: Webmin
Version:
Type:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
First view: 1999-12-31
Last view: 2024-01-25

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:* 41
cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:* 41
cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:* 40
cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:* 39
cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:* 39
cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:* 39
cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:* 38
cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:* 37
cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:* 36
cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:* 36
cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:* 36
cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:* 36
cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:* 36
cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:* 36
cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:* 36
cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:* 36
cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:* 36
cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:* 35
cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:* 35
cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:* 35
cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:* 35
cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:* 35

Related : CVE

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Alert Description
4.8 2024-01-25 CVE-2023-52046

Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.

4.8 2023-09-21 CVE-2023-43309

There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.

5.4 2023-09-15 CVE-2023-40986

A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom field.

5.4 2023-09-15 CVE-2023-40985

An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.

5.4 2023-09-15 CVE-2023-40984

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.

6.1 2023-09-15 CVE-2023-40983

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

5.4 2023-09-15 CVE-2023-40982

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

5.4 2023-09-13 CVE-2023-41155

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.

6.1 2023-08-30 CVE-2023-41163

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.

5.4 2023-07-31 CVE-2023-38311

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.

5.4 2023-07-31 CVE-2023-38310

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.

6.1 2023-07-31 CVE-2023-38309

An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.

6.1 2023-07-31 CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.

5.4 2023-07-31 CVE-2023-38307

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.

6.1 2023-07-31 CVE-2023-38306

An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.

6.1 2023-07-31 CVE-2023-38305

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.

5.4 2023-07-31 CVE-2023-38304

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.

5.4 2023-07-31 CVE-2023-38303

An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.

6.1 2022-11-02 CVE-2022-3844

A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability.

6.1 2022-07-27 CVE-2022-36880

The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.

9.8 2022-07-25 CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

8.8 2022-05-15 CVE-2022-30708

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

8.8 2022-04-11 CVE-2021-32162

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.

6.1 2022-04-11 CVE-2021-32161

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.

6.1 2022-04-11 CVE-2021-32160

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.

CWE : Common Weakness Enumeration

% id Name
67% (42) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
11% (7) CWE-352 Cross-Site Request Forgery (CSRF)
4% (3) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
1% (1) CWE-285 Improper Access Control (Authorization)
1% (1) CWE-284 Access Control (Authorization) Issues
1% (1) CWE-269 Improper Privilege Management
1% (1) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-116 Improper Encoding or Escaping of Output
1% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (1) CWE-20 Improper Input Validation

SAINT Exploits

Description Link
Webmin password_change.cgi backdoor More info here

Open Source Vulnerability Database (OSVDB)

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
74342 Webmin useradmin/user-lib.pl chfn Command Full Name Field XSS
60883 Webmin / Usermin Unspecified XSS
60228 Webmin RPC Module remote_foreign_* Request Remote File Manipulation
60118 Webmin Printer Administration Module Printer Name Shell Metacharacter Arbitra...
59783 Webmin Default SSL Key Weakness
41117 Webmin/Usermin webmin_search.cgi search Parameter XSS
40772 Webmin Crafted URL Unspecified Arbitrary Command Execution
36932 Webmin pam_login.cgi Multiple Parameter XSS
33832 Webmin/Usermin chooser.cgi Crafted Filename XSS
28338 Webmin/Usermin NULL Character Unspecified XSS
28337 Webmin/Usermin NULL Character Unspecified Source Disclosure
26772 Webmin/Usermin simplify_path() Failure Arbitrary File Disclosure
26771 Webmin Crafted Backslash Request Traversal Arbitrary File Access
21222 Webmin/Usermin miniserv.pl Format String Remote Code Execution
20873 Webmin Interface File Display Content XSS
20872 Webmin RPM Installation /var/webmin Permission Weakness Information Disclosure
20238 Webmin run.cgi Temp File Permission Weakness Arbitrary Command Execution
19575 Webmin/Usermin miniserv.pl Metacharacter PAM Authentication Bypass
15550 Webmin/Usermin Configuration File Permission/Ownership Modification
10803 Webmin/Usermin miniserv.pl Base-64 String Metacharacter Handling Session Spoo...
10802 Webmin/Usermin Authentication Information Control Character Bypass
9776 Usermin HTML Mail Command Execution
9775 Usermin Installation .webmin Symlink Privilege Escalation
9241 Webmin/Usermin Authentication Error Page XSS
8959 Webmin Directory edit_action.cgi Double Dot Traversal Arbitrary File Access

OpenVAS Exploits

id Description
2011-10-20 Name : Webmin / Usermin Login Cross Site Scripting Vulnerability
File : nvt/gb_webmin_login_xss_vuln.nasl
2011-06-20 Name : Mandriva Update for webmin MDVSA-2011:109 (webmin)
File : nvt/gb_mandriva_MDVSA_2011_109.nasl
2010-02-15 Name : Mandriva Update for webmin MDVSA-2010:036 (webmin)
File : nvt/gb_mandriva_MDVSA_2010_036.nasl
2009-05-05 Name : HP-UX Update for Webmin HPSBUX00250
File : nvt/gb_hp_ux_HPSBUX00250.nasl
2009-04-09 Name : Mandriva Update for webmin MDKSA-2007:135 (webmin)
File : nvt/gb_mandriva_MDKSA_2007_135.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200707-05 (webmin/usermin)
File : nvt/glsa_200707_05.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200608-11 (webmin/usermin)
File : nvt/glsa_200608_11.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200512-02 (webmin usermin)
File : nvt/glsa_200512_02.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200509-17 (Webmin Usermin)
File : nvt/glsa_200509_17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-15 (Usermin)
File : nvt/glsa_200409_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-15 (Usermin)
File : nvt/glsa_200406_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-12 (webmin)
File : nvt/glsa_200406_12.nasl
2008-09-04 Name : FreeBSD Ports: webmin
File : nvt/freebsd_webmin1.nasl
2008-09-04 Name : FreeBSD Ports: webmin
File : nvt/freebsd_webmin0.nasl
2008-09-04 Name : FreeBSD Ports: webmin
File : nvt/freebsd_webmin.nasl
2008-09-04 Name : FreeBSD Ports: perl
File : nvt/freebsd_perl1.nasl
2008-01-17 Name : Debian Security Advisory DSA 544-1 (webmin)
File : nvt/deb_544_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 526-1 (webmin)
File : nvt/deb_526_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 319-1 (webmin)
File : nvt/deb_319_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1199-1 (webmin)
File : nvt/deb_1199_1.nasl
2005-11-03 Name : Various dangerous cgi scripts
File : nvt/dangerous_cgis.nasl

Snort® IPS/IDS

Date Description
2019-10-15 Webmin password_change command injection attempt
RuleID : 51489 - Type : SERVER-WEBAPP - Revision : 1
2019-10-15 Webmin password_change command injection attempt
RuleID : 51488 - Type : SERVER-WEBAPP - Revision : 1
2019-10-15 Webmin password_change command injection attempt
RuleID : 51487 - Type : SERVER-WEBAPP - Revision : 1
2019-10-15 Webmin password_change command injection attempt
RuleID : 51486 - Type : SERVER-WEBAPP - Revision : 1
2019-09-26 Webadmin history parameter cross site scripting attempt
RuleID : 51282 - Type : SERVER-WEBAPP - Revision : 1
2019-09-26 Webadmin history parameter cross site scripting attempt
RuleID : 51281 - Type : SERVER-WEBAPP - Revision : 1
2014-01-10 Webmin Directory edit_action.cgi access
RuleID : 2202-community - Type : SERVER-WEBAPP - Revision : 18
2014-01-10 Webmin Directory edit_action.cgi access
RuleID : 2202 - Type : SERVER-WEBAPP - Revision : 18

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-09-16 Name: The remote web server is affected by multiple cross-site scripting vulnerabil...
File: webmin_1_690_mult_xss.nasl - Type: ACT_GATHER_INFO
2014-09-16 Name: The remote web server is affected by multiple vulnerabilities.
File: usermin_1_600_mult.nasl - Type: ACT_GATHER_INFO
2014-09-16 Name: The remote web server is affected by an information disclosure vulnerability.
File: usermin_1226_info_disclosure.nasl - Type: ACT_ATTACK
2014-09-16 Name: The remote web server is affected by an information disclosure flaw.
File: usermin_1220_info_disclosure.nasl - Type: ACT_ATTACK
2011-06-14 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2011-109.nasl - Type: ACT_GATHER_INFO
2010-02-15 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2010-036.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_ae7b7f6505c711d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2007-07-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200707-05.nasl - Type: ACT_GATHER_INFO
2007-06-27 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2007-135.nasl - Type: ACT_GATHER_INFO
2007-06-12 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_12b7286f16a211dcb8030016179b2dd5.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2006-170.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2006-125.nasl - Type: ACT_GATHER_INFO
2006-10-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1199.nasl - Type: ACT_GATHER_INFO
2006-09-02 Name: The remote web server is affected by an information disclosure vulnerability.
File: webmin_1296.nasl - Type: ACT_ATTACK
2006-08-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200608-11.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_227475c209cb11db9156000e0c2e438a.nasl - Type: ACT_GATHER_INFO
2006-06-30 Name: The remote web server is affected by an information disclosure flaw.
File: webmin_1290.nasl - Type: ACT_ATTACK
2006-05-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_bb33981a7ac611dabf7200123f589060.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-176.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-223.nasl - Type: ACT_GATHER_INFO
2005-12-26 Name: The remote web server is affected by a format string vulnerability.
File: webmin_miniserv_username_format_string.nasl - Type: ACT_DENIAL
2005-12-15 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-1145.nasl - Type: ACT_GATHER_INFO
2005-12-15 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-1144.nasl - Type: ACT_GATHER_INFO
2005-12-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200512-02.nasl - Type: ACT_GATHER_INFO
2005-12-07 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-1116.nasl - Type: ACT_GATHER_INFO