Every CVE whose affected-product data names Webmin Usermin, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2015-2079 — CVSS 9.9 (critical): Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not…
CVE-2022-35132 — CVSS 8.8 (high): Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
CVE-2014-3883 — CVSS 6.8 (medium): Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user…
CVE-2023-41162 — CVSS 6.1 (medium): A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary…
CVE-2016-4897 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin…
CVE-2024-36453 — CVSS 6.1 (medium): Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If…
CVE-2022-36880 — CVSS 6.1 (medium): The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
CVE-2023-41157 — CVSS 5.4 (medium): Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML…
CVE-2023-41158 — CVSS 5.4 (medium): A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject…
CVE-2023-41160 — CVSS 5.4 (medium): A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary…
CVE-2023-41159 — CVSS 5.4 (medium): A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject…
CVE-2023-41161 — CVSS 5.4 (medium): Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML…
CVE-2023-41152 — CVSS 5.4 (medium): A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject…
CVE-2023-41153 — CVSS 5.4 (medium): A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary…
CVE-2023-41154 — CVSS 5.4 (medium): A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject…
CVE-2023-41155 — CVSS 5.4 (medium): A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote…
CVE-2023-41156 — CVSS 5.4 (medium): A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject…
CVE-2024-44762 — CVSS 5.3 (medium): A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.
CVE-2014-3884 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2009-4568 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web…
CVE-2008-0720 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary…
CVE-2007-3156 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers…