Z0Ldyck

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** A Cross-site request forgery (CSRF) vulnerability exists in the File Manager feature. This issue allows for malicious requests to be made on behalf of the user, potentially leading to unauthorized actions. **Recommendations** For Webmin version 1.973, as a temporary workaround, consider disabling the File Manager feature until a patch is available. Restrict access to the File Manager to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** A Cross-site request forgery (CSRF) vulnerability exists in the Upload and Download feature. This issue allows an attacker to trick a user into performing unintended actions on the web application. **Recommendations** For Webmin version 1.973, as a temporary workaround, consider disabling the Upload and Download feature until a patch is available. Restrict access to this feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** A Cross-Site Scripting (XSS) issue exists in the Add Users feature. **Recommendations** For Webmin version 1.973, consider disabling the Add Users feature until a patch is available. Restrict access to this feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** A Cross-Site Scripting (XSS) issue exists in the File Manager feature. **Recommendations** For Webmin version 1.973, consider disabling the File Manager feature until a patch is available. Restrict access to the File Manager to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** A cross-site request forgery (CSRF) vulnerability exists in the Scheduled Cron Jobs feature. This issue allows for malicious requests to be made on behalf of a user without their knowledge or consent. **Recommendations** For Webmin version 1.973, consider disabling the Scheduled Cron Jobs feature until a patch is available to prevent potential exploitation of the CSRF vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** A Cross-Site Scripting (XSS) issue exists via the Scheduled Cron Jobs feature. **Recommendations** For Webmin version 1.973, consider disabling the Scheduled Cron Jobs feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** A Cross-Site Scripting (XSS) issue exists via the Upload and Download feature. **Recommendations** For Webmin version 1.973, consider disabling the Upload and Download feature until a patch is available. Restrict access to this feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** The issue is related to reflected Cross Site Scripting (XSS) that can lead to Remote Command Execution. This is achieved through Webmin's running process feature. **Recommendations** For Webmin version 1.973, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** The issue allows for Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. **Recommendations** For Webmin version 1.973, as a temporary workaround, consider disabling the add users feature and restricting access to the running process feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Webmin version 1.973 **Description** The issue allows for Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. This means an attacker could potentially execute commands on a remote system without proper authorization. **Recommendations** For Webmin version 1.973, consider disabling the running process feature as a temporary workaround until a patch is available. Restrict access to Webmin's running process feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.