Webmin Usermin

22 CVEs affecting Webmin Usermin. Latest disclosed: 2025-04-28. Critical: 1, High: 1.

Top CVEs affecting Webmin Usermin
CVESeverityScorePublishedSummary
CVE-2015-2079Critical9.92025-04-28Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form o…
CVE-2022-35132High8.82022-10-25Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
CVE-2024-36453Medium6.12024-07-10Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is…
CVE-2023-41162Medium6.12023-09-13A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML vi…
CVE-2022-36880Medium6.12022-07-27The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
CVE-2016-4897Medium6.12017-04-12Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.
CVE-2023-41157Medium5.42023-09-16Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name p…
CVE-2023-41160Medium5.42023-09-14A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML…
CVE-2023-41159Medium5.42023-09-14A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script…
CVE-2023-41156Medium5.42023-09-14A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or…
CVE-2023-41158Medium5.42023-09-13A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML…
CVE-2023-41155Medium5.42023-09-13A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrar…
CVE-2023-41154Medium5.42023-09-13A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTM…
CVE-2023-41152Medium5.42023-09-13A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML…
CVE-2023-41161Medium5.42023-09-07Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment t…
CVE-2023-41153Medium5.42023-08-29A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML…
CVE-2024-44762Medium5.32024-10-16A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.
CVE-2014-38842014-07-20Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE…
CVE-2014-38832014-06-21Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.
CVE-2009-45682010-01-05Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via uns…