The Qualys Research Team discovered nine high and critical severity vulnerabilities in Webmin. The successful exploitation of cross-site scripting (XSS) vulnerabilities could cause severe damage to users and the overall security of the application. Webmin is used to change and manage open-source applications like BIND DNS Server, Apache HTTP Server, PHP, MySQL, and many more, … Continue reading “Qualys Research Team Discovered Multiple Cross-Site Scripting Vulnerabilities in Webmin”
Tag: Webmin
Webmin Critical Security vulnerabilities (CVE-2021-31760, CVE-2021-31761, CVE-2021-31762)
Webmin is a web-based system administration tool for Unix-like servers, and services with over 1,000,000 installations worldwide. Using Webmin, you can configure operating system internals, such as users, disk quotas, services, or configuration files, as well as modify, and control open-source apps, such as BIND DNS Server, Apache HTTP Server, PHP, MySQL, and many more. … Continue reading “Webmin Critical Security vulnerabilities (CVE-2021-31760, CVE-2021-31761, CVE-2021-31762)”
Webmin Remote Code Execution Vulnerability
Webmin version 1.882 to 1.921 is vulnerable to Unauthenticated Remote Code Execution Vulnerability. This vulnerability exists in the reset password function that allows a malicious attacker to execute malicious code due to lack of input validation. The targets which have the setting “user password change enabled” are exploitable. This vulnerability has been assigned CVE-2019-15107. Vulnerability … Continue reading “Webmin Remote Code Execution Vulnerability”