Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Webmin Number Of NVD 88 CRITICAL 6 HIGH 27 MEDIUM 50 LOW 5
URL https://www.webmin.com/
Explanation Webmin is a web-based interface for Unix system administration. Using a modern web browser, you can set up user accounts, Apache, DNS, file sharing, and more. Webmin eliminates the need to manually edit Unix configuration files such as / etc / passwd, and allows you to manage your system from the console or remotely.

Excerpted and translated from [https://www.webmin.com/
Tag
  • BSD License
Add Information URL
No Type Name URL
1 https://www.webmin.com/download.html
2 https://www.webmin.com/changes.html
3 https://www.webmin.com/security.html
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
21 Webmin 2 2.610 Nov. 23, 2025 Aug. 23, 2022 0 0 20 0
22 Webmin 1 1.470, March 14, 2023 Sept. 12, 2002 6 20 32 2
23 Webmin 0 0.990 July 1, 2002 Oct. 5, 1997 2 17 24 4
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
21 6.1
- 		MEDIUM
Network 		A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It … CWE-79
Cross-site Scripting 		CVE-2022-3844 cpe:2.3:a:webmin:webmin:2.001:* 2024-11-21 16:20
2022-11-3 		Show GitHub Exploit DB Packet Storm
22 6.1
4.3 		MEDIUM
Network 		The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. CWE-79
Cross-site Scripting 		CVE-2022-36880 cpe:2.3:a:webmin:webmin:1.995:* 2024-11-21 16:13
2022-07-27 		Show GitHub Exploit DB Packet Storm
23 9.8
- 		CRITICAL
Network 		software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. CWE-116
 Improper Encoding or Escaping of Output 		CVE-2022-36446 cpe:2.3:a:webmin:webmin:*:* 1.997 2024-11-21 16:13
2022-07-25 		Show GitHub Exploit DB Packet Storm
24 8.8
6.5 		HIGH
Network 		Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-… NVD-CWE-noinfo
CVE-2022-30708 cpe:2.3:a:webmin:webmin:*:* 1.991 2024-11-21 16:03
2022-05-15 		Show GitHub Exploit DB Packet Storm
25 8.8
6.8 		HIGH
Network 		A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. CWE-352
 Origin Validation Error 		CVE-2021-32162 cpe:2.3:a:webmin:webmin:1.973:* 2024-11-21 15:06
2022-04-11 		Show GitHub Exploit DB Packet Storm
26 6.1
4.3 		MEDIUM
Network 		A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. CWE-79
Cross-site Scripting 		CVE-2021-32161 cpe:2.3:a:webmin:webmin:1.973:* 2024-11-21 15:06
2022-04-11 		Show GitHub Exploit DB Packet Storm
27 6.1
4.3 		MEDIUM
Network 		A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. CWE-79
Cross-site Scripting 		CVE-2021-32160 cpe:2.3:a:webmin:webmin:1.973:* 2024-11-21 15:06
2022-04-11 		Show GitHub Exploit DB Packet Storm
28 8.8
6.8 		HIGH
Network 		A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. CWE-352
 Origin Validation Error 		CVE-2021-32159 cpe:2.3:a:webmin:webmin:1.973:* 2024-11-21 15:06
2022-04-11 		Show GitHub Exploit DB Packet Storm
29 6.1
4.3 		MEDIUM
Network 		A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. CWE-79
Cross-site Scripting 		CVE-2021-32158 cpe:2.3:a:webmin:webmin:1.973:* 2024-11-21 15:06
2022-04-11 		Show GitHub Exploit DB Packet Storm
30 9.6
6.8 		CRITICAL
Network 		A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. CWE-79
Cross-site Scripting 		CVE-2021-32157 cpe:2.3:a:webmin:webmin:1.973:* 2024-11-21 15:06
2022-04-11 		Show GitHub Exploit DB Packet Storm