Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Webmin Number Of NVD 87 CRITICAL 6 HIGH 27 MEDIUM 49 LOW 5
URL https://www.webmin.com/
Explanation Webmin is a web-based interface for Unix system administration. Using a modern web browser, you can set up user accounts, Apache, DNS, file sharing, and more. Webmin eliminates the need to manually edit Unix configuration files such as / etc / passwd, and allows you to manage your system from the console or remotely.

Excerpted and translated from [https://www.webmin.com/
Tag
  • BSD License
Add Information URL
No Type Name URL
1 https://www.webmin.com/download.html
2 https://www.webmin.com/changes.html
3 https://www.webmin.com/security.html
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
31 Webmin 2 2.610 Nov. 23, 2025 Aug. 23, 2022 0 0 19 0
32 Webmin 1 1.470, March 14, 2023 Sept. 12, 2002 6 20 31 2
33 Webmin 0 0.990 July 1, 2002 Oct. 5, 1997 2 17 23 4
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
31 8.1
5.5 		HIGH
Network 		Improper Authorization in GitHub repository webmin/webmin prior to 1.990. - CVE-2022-0829 cpe:2.3:a:webmin:webmin:*:* 1.990 2024-11-21 15:39
2022-03-2 		Show GitHub Exploit DB Packet Storm
32 8.8
9.0 		HIGH
Network 		Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. - CVE-2022-0824 cpe:2.3:a:webmin:webmin:*:* 1.990 2024-11-21 15:39
2022-03-2 		Show GitHub Exploit DB Packet Storm
33 8.8
6.8 		HIGH
Network 		Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. CWE-352
 Origin Validation Error 		CVE-2021-31762 cpe:2.3:a:webmin:webmin:1.973:* 2024-11-21 15:06
2021-04-26 		Show GitHub Exploit DB Packet Storm
34 9.6
6.8 		CRITICAL
Network 		Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. CWE-79
Cross-site Scripting 		CVE-2021-31761 cpe:2.3:a:webmin:webmin:1.973:* 2024-11-21 15:06
2021-04-26 		Show GitHub Exploit DB Packet Storm
35 8.8
6.8 		HIGH
Network 		Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. CWE-352
 Origin Validation Error 		CVE-2021-31760 cpe:2.3:a:webmin:webmin:1.973:* 2024-11-21 15:06
2021-04-26 		Show GitHub Exploit DB Packet Storm
36 9.8
7.5 		CRITICAL
Network 		miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. NVD-CWE-noinfo
CVE-2020-35769 cpe:2.3:a:webmin:webmin:1.962:* 2024-11-21 14:28
2020-12-29 		Show GitHub Exploit DB Packet Storm
37 8.8
9.0 		HIGH
Network 		Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C… CWE-78
OS Command  		CVE-2020-35606 cpe:2.3:a:webmin:webmin:*:* 1.962 2024-11-21 14:27
2020-12-22 		Show GitHub Exploit DB Packet Storm
38 5.4
3.5 		MEDIUM
Network 		An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visitin… CWE-79
Cross-site Scripting 		CVE-2020-8821 cpe:2.3:a:webmin:webmin:*:* 1.941 2024-11-21 14:39
2020-10-13 		Show GitHub Exploit DB Packet Storm
39 5.4
3.5 		MEDIUM
Network 		An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting t… CWE-79
Cross-site Scripting 		CVE-2020-8820 cpe:2.3:a:webmin:webmin:*:* 1.941 2024-11-21 14:39
2020-10-13 		Show GitHub Exploit DB Packet Storm
40 6.1
4.3 		MEDIUM
Network 		XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without saniti… CWE-79
Cross-site Scripting 		CVE-2020-12670 cpe:2.3:a:webmin:webmin:*:* 1.941 2024-11-21 14:00
2020-10-13 		Show GitHub Exploit DB Packet Storm