Every CVE whose affected-product data names Usermin, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2003-0101 — CVSS 10.0 (critical): miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage…
CVE-2005-1177 — CVSS 10.0 (critical): Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files…
CVE-2002-0756 — CVSS 7.5 (high): Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert…
CVE-2002-0757 — CVSS 7.5 (high): (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and…
CVE-2004-1468 — CVSS 7.5 (high): The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in…
CVE-2005-3042 — CVSS 7.5 (high): miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass…
CVE-2006-4542 — CVSS 6.8 (medium): Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to…
CVE-2004-0588 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and…
CVE-2006-3392 — CVSS 5.0 (medium): Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read…
CVE-2004-0583 — CVSS 5.0 (medium): The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote…
CVE-2007-1276 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers…
CVE-2006-4246 — CVSS 3.6 (low): Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an…
CVE-2004-0559 — CVSS 2.1 (low): The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on…