| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-15646 | 4.3 |
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file
|
08-11-2017 - 18:19 | 19-10-2017 - 22:29 | |
| CVE-2017-15644 | 5.0 |
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
|
07-11-2017 - 20:34 | 19-10-2017 - 22:29 | |
| CVE-2017-15645 | 6.8 |
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.
|
07-11-2017 - 20:28 | 19-10-2017 - 22:29 | |
| CVE-2017-9313 | 4.3 |
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to sa
|
10-07-2017 - 17:03 | 04-07-2017 - 02:29 |