CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-36446

CVSS 9.8v3.1pub. 2022-07-25upd. 2024-11-21

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Webmin

    APP
    Webmin
    < 1.997
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2019-15107CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injecti...

CVE-2021-32157CRITICAL9.6ten sam produkt

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.

CVE-2021-31761CRITICAL9.6ten sam produkt

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through W...

CVE-2020-35769CRITICAL9.8ten sam produkt

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

CVE-2018-8712CRITICAL9.8ten sam produkt

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log ...