Webmin Usermin
22 CVEs affecting Webmin Usermin. Latest disclosed: 2025-04-28. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-2079 | Critical | 9.9 | 2025-04-28 | Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form o… |
CVE-2022-35132 | High | 8.8 | 2022-10-25 | Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. |
CVE-2024-36453 | Medium | 6.1 | 2024-07-10 | Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is… |
CVE-2023-41162 | Medium | 6.1 | 2023-09-13 | A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML vi… |
CVE-2022-36880 | Medium | 6.1 | 2022-07-27 | The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. |
CVE-2016-4897 | Medium | 6.1 | 2017-04-12 | Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. |
CVE-2023-41157 | Medium | 5.4 | 2023-09-16 | Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name p… |
CVE-2023-41160 | Medium | 5.4 | 2023-09-14 | A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML… |
CVE-2023-41159 | Medium | 5.4 | 2023-09-14 | A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script… |
CVE-2023-41156 | Medium | 5.4 | 2023-09-14 | A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or… |
CVE-2023-41158 | Medium | 5.4 | 2023-09-13 | A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML… |
CVE-2023-41155 | Medium | 5.4 | 2023-09-13 | A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrar… |
CVE-2023-41154 | Medium | 5.4 | 2023-09-13 | A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTM… |
CVE-2023-41152 | Medium | 5.4 | 2023-09-13 | A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML… |
CVE-2023-41161 | Medium | 5.4 | 2023-09-07 | Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment t… |
CVE-2023-41153 | Medium | 5.4 | 2023-08-29 | A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML… |
CVE-2024-44762 | Medium | 5.3 | 2024-10-16 | A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. |
CVE-2014-3884 | | 2014-07-20 | Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE… | |
CVE-2014-3883 | | 2014-06-21 | Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | |
CVE-2009-4568 | | 2010-01-05 | Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via uns… |