U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:webmin:webmin:1.330:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 29 matching records.
Displaying matches 21 through 29.
Vuln ID Summary CVSS Severity
CVE-2015-1377

The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.

Published: February 10, 2015; 3:59:03 PM -0500 		V3.x:(not available)
 V2.0: 4.9 MEDIUM
CVE-2014-3886

Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

Published: July 20, 2014; 7:12:50 AM -0400 		V3.x:(not available)
 V2.0: 2.6 LOW
CVE-2014-3885

Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

Published: July 20, 2014; 7:12:50 AM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2014-3924

Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.

Published: May 30, 2014; 10:55:09 AM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2014-0339

Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Published: March 16, 2014; 10:06:45 AM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2011-1937

Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.

Published: May 31, 2011; 4:55:05 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2009-4568

Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 05, 2010; 2:00:00 PM -0500 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2007-5066

Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.

Published: September 24, 2007; 7:17:00 PM -0400 		V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2007-3156

Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.

Published: June 11, 2007; 6:30:00 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM