Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Webmin Number Of NVD 87 CRITICAL 6 HIGH 27 MEDIUM 49 LOW 5
URL https://www.webmin.com/
Explanation Webmin is a web-based interface for Unix system administration. Using a modern web browser, you can set up user accounts, Apache, DNS, file sharing, and more. Webmin eliminates the need to manually edit Unix configuration files such as / etc / passwd, and allows you to manage your system from the console or remotely.

Excerpted and translated from [https://www.webmin.com/
Tag
  • BSD License
Add Information URL
No Type Name URL
1 https://www.webmin.com/download.html
2 https://www.webmin.com/changes.html
3 https://www.webmin.com/security.html
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
51 Webmin 2 2.610 Nov. 23, 2025 Aug. 23, 2022 0 0 19 0
52 Webmin 1 1.470, March 14, 2023 Sept. 12, 2002 6 20 31 2
53 Webmin 0 0.990 July 1, 2002 Oct. 5, 1997 2 17 23 4
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
51 8.6
5.0 		HIGH
Network 		SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2017-15644 cpe:2.3:a:webmin:webmin:*:* 1.850 2024-11-21 12:14
2017-10-20 		Show GitHub Exploit DB Packet Storm
52 6.1
4.3 		MEDIUM
Network 		Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter … CWE-79
Cross-site Scripting 		CVE-2017-9313 cpe:2.3:a:webmin:webmin:*:* 1.840 2024-11-21 12:35
2017-07-4 		Show GitHub Exploit DB Packet Storm
53 6.1
4.3 		MEDIUM
Network 		Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting 		CVE-2017-2106 cpe:2.3:a:webmin:webmin:*:* 1.820 2024-11-21 12:22
2017-04-29 		Show GitHub Exploit DB Packet Storm
54 -
4.9 		MEDIUM The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. CWE-59
Link Following 		CVE-2015-1377 cpe:2.3:a:webmin:webmin:*:* 1.720 2024-11-21 11:25
2015-02-11 		Show GitHub Exploit DB Packet Storm
55 -
2.6 		LOW Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: thi… CWE-79
Cross-site Scripting 		CVE-2014-3886 cpe:2.3:a:webmin:webmin:1.670:*
cpe:2.3:a:webmin:webmin:1.660:*
cpe:2.3:a:webmin:webmin:1.650:*
cpe:2.3:a:webm… 		1.680 2024-11-21 11:09
2014-07-20 		Show GitHub Exploit DB Packet Storm
56 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-39… CWE-79
Cross-site Scripting 		CVE-2014-3885 cpe:2.3:a:webmin:webmin:1.670:*
cpe:2.3:a:webmin:webmin:1.660:*
cpe:2.3:a:webmin:webmin:1.650:*
cpe:2.3:a:webm… 		1.680 2024-11-21 11:09
2014-07-20 		Show GitHub Exploit DB Packet Storm
57 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. CWE-79
Cross-site Scripting 		CVE-2014-3924 cpe:2.3:a:webmin:webmin:*:* 1.680 2024-11-21 11:09
2014-05-30 		Show GitHub Exploit DB Packet Storm
58 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter. CWE-79
Cross-site Scripting 		CVE-2014-0339 cpe:2.3:a:webmin:webmin:1.660:*
cpe:2.3:a:webmin:webmin:1.650:*
cpe:2.3:a:webmin:webmin:1.640:*
cpe:2.3:a:webm… 		1.670 2024-11-21 11:01
2014-03-16 		Show GitHub Exploit DB Packet Storm
59 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related … CWE-79
Cross-site Scripting 		CVE-2011-1937 cpe:2.3:a:webmin:webmin:1.530:*
cpe:2.3:a:webmin:webmin:1.520:*
cpe:2.3:a:webmin:webmin:1.510:*
cpe:2.3:a:webm… 		1.540 2024-11-21 10:27
2011-06-1 		Show GitHub Exploit DB Packet Storm
60 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting 		CVE-2009-4568 cpe:2.3:a:webmin:webmin:1.370:*
cpe:2.3:a:webmin:webmin:1.360:*
cpe:2.3:a:webmin:webmin:1.343:*
cpe:2.3:a:webm… 		1.390 2026-04-23 09:35
2010-01-6 		Show GitHub Exploit DB Packet Storm