usermin · threatengine.sh

CVE-2015-2079

>= 0.980 and < 1.660

Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argumen

9.9CRITICAL

CVE-2024-44762

all versions

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accou

5.3MEDIUM

CVE-2024-36453

< 1.820

Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.8

6.1MEDIUM

CVE-2023-41157

all versions

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script

5.4MEDIUM

CVE-2023-41160

all versions

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject

5.4MEDIUM

CVE-2023-41159

all versions

A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers t

5.4MEDIUM

CVE-2023-41156

all versions

A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to i

5.4MEDIUM

CVE-2023-41162

all versions

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject ar

6.1MEDIUM

CVE-2023-41158

all versions

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject

5.4MEDIUM

CVE-2023-41155

all versions

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote

5.4MEDIUM

CVE-2023-41154

all versions

A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to injec

5.4MEDIUM

CVE-2023-41152

all versions

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject

5.4MEDIUM

CVE-2023-41161

all versions

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script

5.4MEDIUM

CVE-2023-41153

all versions

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject

5.4MEDIUM

CVE-2022-35132

<= 1.850

Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG mo

8.8HIGH

CVE-2022-36880

<= 1.850

The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.

6.1MEDIUM

CVE-2016-4897

<= 1.680

Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Us

6.1MEDIUM

CVE-2014-3884

<= 1.590

Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML vi

CVE-2014-3883

<= 1.590

Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a u

CVE-2009-4568

<= 1.32

Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitra

CVE-2008-0720

all versions

Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject a

CVE-2007-3156

<= 1.280

Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote

CVE-2007-1276

all versions

Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote at

CVE-2006-4246

<= 1.210

Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly ha

CVE-2006-4542

<= 1.220

Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attac

CVE-2006-3392

<= 1.210

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers

CVE-2005-3042

all versions

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to

CVE-2005-1177

all versions

Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuratio

CVE-2004-1468

all versions

The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metachara

CVE-2004-0559

all versions

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink at

CVE-2004-0588

all versions

Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML

CVE-2004-0583

all versions

The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows

CVE-2003-0101

all versions

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and

CVE-2002-0757

all versions

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentica

CVE-2002-0756

all versions

Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to

webmin usermin