Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Webmin Number Of NVD 87 CRITICAL 6 HIGH 27 MEDIUM 49 LOW 5
URL https://www.webmin.com/
Explanation Webmin is a web-based interface for Unix system administration. Using a modern web browser, you can set up user accounts, Apache, DNS, file sharing, and more. Webmin eliminates the need to manually edit Unix configuration files such as / etc / passwd, and allows you to manage your system from the console or remotely.

Excerpted and translated from [https://www.webmin.com/
Tag
  • BSD License
Add Information URL
No Type Name URL
1 https://www.webmin.com/download.html
2 https://www.webmin.com/changes.html
3 https://www.webmin.com/security.html
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
61 Webmin 2 2.610 Nov. 23, 2025 Aug. 23, 2022 0 0 19 0
62 Webmin 1 1.470, March 14, 2023 Sept. 12, 2002 6 20 31 2
63 Webmin 0 0.990 July 1, 2002 Oct. 5, 1997 2 17 23 4
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
61 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search… CWE-79
Cross-site Scripting 		CVE-2008-0720 cpe:2.3:a:webmin:webmin:1.390:*
cpe:2.3:a:webmin:webmin:1.370:* 		2026-04-23 09:35
2008-02-12 		Show GitHub Exploit DB Packet Storm
62 -
9.0 		HIGH Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL. CWE-20
 Improper Input Validation  		CVE-2007-5066 cpe:2.3:a:webmin:webmin:*:* 1.360 2026-04-23 09:35
2007-09-25 		Show GitHub Exploit DB Packet Storm
63 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2)… CWE-79
Cross-site Scripting 		CVE-2007-3156 cpe:2.3:a:webmin:webmin:*:* 1.340 2026-04-23 09:35
2007-06-12 		Show GitHub Exploit DB Packet Storm
64 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. CWE-352
 Origin Validation Error 		CVE-2007-1276 cpe:2.3:a:webmin:webmin:1.3.20:*
cpe:2.3:a:webmin:webmin:1.2.50:*
cpe:2.3:a:webmin:webmin:1.2.40:*
cpe:2.3:a:w… 		2026-04-23 09:35
2007-03-6 		Show GitHub Exploit DB Packet Storm
65 -
6.8 		MEDIUM Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source c… CWE-79
Cross-site Scripting 		CVE-2006-4542 cpe:2.3:a:webmin:webmin:1.2.80:*
cpe:2.3:a:webmin:webmin:1.2.70:*
cpe:2.3:a:webmin:webmin:1.2.60:*
cpe:2.3:a:w… 		1.2.90 2017-07-20 10:33
2006-09-6 		Show GitHub Exploit DB Packet Storm
66 -
5.0 		MEDIUM Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, whi… NVD-CWE-Other
CVE-2006-3392 cpe:2.3:a:webmin:webmin:*:* 1.2.80 2018-10-19 01:47
2006-07-7 		Show GitHub Exploit DB Packet Storm
67 -
5.0 		MEDIUM Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the… NVD-CWE-Other
CVE-2006-3274 cpe:2.3:a:webmin:webmin:1.2.60:*
cpe:2.3:a:webmin:webmin:1.2.50:*
cpe:2.3:a:webmin:webmin:1.2.40:*
cpe:2.3:a:w… 		1.2.70 2018-10-19 01:46
2006-06-29 		Show GitHub Exploit DB Packet Storm
68 -
7.5 		HIGH Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or… NVD-CWE-Other
CVE-2005-3912 cpe:2.3:a:webmin:webmin:*:* 1.100
1.200

1.180
1.250 		2019-04-4 01:24
2005-11-30 		Show GitHub Exploit DB Packet Storm
69 -
7.5 		HIGH miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharact… NVD-CWE-Other
CVE-2005-3042 cpe:2.3:a:webmin:webmin:1.2.20:* 2011-03-8 11:25
2005-09-22 		Show GitHub Exploit DB Packet Storm
70 -
10.0 		HIGH Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. NVD-CWE-Other
CVE-2005-1177 cpe:2.3:a:webmin:webmin:1.1.40:*
cpe:2.3:a:webmin:webmin:1.1.30:*
cpe:2.3:a:webmin:webmin:1.1.20:*
cpe:2.3:a:w… 		2017-07-11 10:32
2005-05-2 		Show GitHub Exploit DB Packet Storm