Mohammad Faisal Sammio

**Name of the Vulnerable Software and Affected Versions** Webmin versions prior to 1.990 **Description** The issue is related to the implementation of the cron/save allow.cgi script in the Scheduled Cron Jobs module of the Webmin system administration interface for UNIX-like operating systems. It is associated with weaknesses in the authorization mechanism. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 1.990, update to version 1.990 or later to resolve the issue. As a temporary workaround, consider restricting access to the cron/save allow.cgi script until a patch is available.

**Name of the Vulnerable Software and Affected Versions** webmin versions prior to 1.990 **Description** The issue is related to improper access control in the webmin repository, which can lead to remote code execution. This is due to weaknesses in the authorization mechanism of the File Manager module in the webmin web interface for UNIX-like operating systems. An attacker can exploit this issue to elevate privileges or execute arbitrary code by running the chmod command or uploading files with .cgi permissions. **Recommendations** For versions prior to 1.990, update to version 1.990 or later to resolve the issue. As a temporary workaround, consider restricting access to the File Manager module to minimize the risk of exploitation. Avoid using the File Manager module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** librenms/librenms versions prior to 22.2.0 **Description** The issue concerns exposure of sensitive information to unauthorized actors due to missing authorization. **Recommendations** For versions prior to 22.2.0, update to version 22.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** librenms/librenms versions prior to 22.2.0 **Description** The issue is related to improper authorization. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 22.2.0, update to version 22.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** librenms/librenms versions prior to 22.1.0 **Description** The issue is related to Cross-site Scripting (XSS) - Stored. This type of attack occurs when an application stores user input data without proper validation, allowing an attacker to inject malicious scripts that are executed by the application. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 22.1.0, update to version 22.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** librenms/librenms versions prior to 22.2.0 **Description** The issue is related to improper access control, which can lead to incorrect authorization. This can potentially allow unauthorized access to certain features or data. **Recommendations** For versions prior to 22.2.0, update to version 22.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** librenms/librenms versions prior to 22.1.0 **Description** The issue is related to Cross-site Scripting (XSS) - Generic. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 22.1.0, update to version 22.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** librenms/librenms versions prior to 22.2.0 **Description** The issue is related to Cross-site Scripting (XSS) - Stored. This type of attack occurs when an application stores user input and later displays it to other users without proper validation or sanitization, allowing an attacker to inject malicious scripts into the application. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 22.2.0, update to version 22.2.0 or later to resolve the issue. As a temporary workaround, consider restricting user input validation to minimize the risk of exploitation.