CVE-2023-38305

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.
Configurations

Configuration 1 (hide)

cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*

History

04 Aug 2023, 12:57

Type Values Removed Values Added
First Time Webmin
Webmin webmin
CPE cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
References (MISC) https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305 - (MISC) https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305 - Exploit, Third Party Advisory
References (MISC) https://webmin.com/tags/webmin-changelog/ - (MISC) https://webmin.com/tags/webmin-changelog/ - Release Notes

31 Jul 2023, 15:31

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-31 15:15

Updated : 2023-12-10 15:14


NVD link : CVE-2023-38305

Mitre link : CVE-2023-38305

CVE.ORG link : CVE-2023-38305


JSON object : View

Products Affected

webmin

  • webmin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')