Shodan
Vulnerabilities
Vulnerable Software
Webmin:  Security Vulnerabilities
CVE-2017-15646
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.
CVSS Score
6.1
EPSS Score
0.048
Published
2017-10-19
CVE-2017-9313
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
CVSS Score
6.1
EPSS Score
0.014
Published
2017-07-04
CVE-2017-2106
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.017
Published
2017-04-28
CVE-2016-4897
Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.
CVSS Score
6.1
EPSS Score
0.011
Published
2017-04-12
CVE-2015-1377
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
CVSS Score
4.9
EPSS Score
0.004
Published
2015-02-10
CVE-2014-3884
Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
CVSS Score
4.3
EPSS Score
0.014
Published
2014-07-20
CVE-2014-3885
Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
CVSS Score
4.3
EPSS Score
0.009
Published
2014-07-20
CVE-2014-3886
Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
CVSS Score
2.6
EPSS Score
0.009
Published
2014-07-20
CVE-2014-3883
Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.
CVSS Score
6.8
EPSS Score
0.013
Published
2014-06-21
CVE-2014-3924
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.
CVSS Score
4.3
EPSS Score
0.014
Published
2014-05-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved