Skip to main content

Webmin CVE-2023-43309

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-09-21 cve@mitre.org
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 21, 2023 - 14:15 nvd
MEDIUM 4.8

DescriptionNVD

There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.

AnalysisAI

There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. Affected products include: Webmin.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Webmin

View all
CVE-2012-2982 MEDIUM POC
6.5 Sep 11

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid

CVE-2012-2983 MEDIUM POC
5.0 Sep 11

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited

CVE-2022-36446 CRITICAL POC
9.8 Jul 25

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. Rated critical severity (CVSS 9.8), thi

CVE-2019-15107 CRITICAL POC
9.8 Aug 16

An issue was discovered in Webmin <=1.920. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitabl

CVE-2022-0824 HIGH POC
8.8 Mar 02

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. Rated high severity

CVE-2019-12840 HIGH POC
8.8 Jun 15

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root pr

CVE-2017-15644 HIGH POC
8.6 Oct 19

SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/h

CVE-2019-9624 HIGH POC
7.8 Mar 07

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Dow

CVE-2021-31761 CRITICAL POC
9.6 Apr 25

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's ru

CVE-2017-15645 HIGH POC
8.8 Oct 19

CSRF exists in Webmin 1.850. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authenticati

CVE-2022-30708 HIGH POC
8.8 May 15

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually creat

CVE-2021-31762 HIGH POC
8.8 Apr 25

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users fea

Share

CVE-2023-43309 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy