CVE-2023-38309

An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
Configurations

Configuration 1 (hide)

cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*

History

04 Aug 2023, 12:56

Type Values Removed Values Added
CWE CWE-79
First Time Webmin webmin
Webmin
References (MISC) https://webmin.com/tags/webmin-changelog/ - (MISC) https://webmin.com/tags/webmin-changelog/ - Release Notes
References (MISC) https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309 - (MISC) https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*

31 Jul 2023, 15:31

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-31 15:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-38309

Mitre link : CVE-2023-38309

CVE.ORG link : CVE-2023-38309


JSON object : View

Products Affected

webmin

  • webmin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')