CVE-2023-38310

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.
Configurations

Configuration 1 (hide)

cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*

History

04 Aug 2023, 12:56

Type Values Removed Values Added
References (MISC) https://webmin.com/tags/webmin-changelog/ - (MISC) https://webmin.com/tags/webmin-changelog/ - Release Notes
References (MISC) https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310 - (MISC) https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310 - Exploit, Third Party Advisory
CPE cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*
First Time Webmin webmin
Webmin
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CWE CWE-79

31 Jul 2023, 15:31

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-31 15:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-38310

Mitre link : CVE-2023-38310

CVE.ORG link : CVE-2023-38310


JSON object : View

Products Affected

webmin

  • webmin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')