CVE-2022-36446: Comparing 1.996...1.997 · webmin/webmin

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

base repository: webmin/webmin base: 1.996

head repository: webmin/webmin compare: 1.997

Related news

Webmin Package Updates Command Injection

This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.

Webmin 1.996 Remote Code Execution

Webmin version 1.996 suffers from an authenticated remote code execution vulnerability.
