Reflected Cross Site Scripting Vulnerability in Webmin by Webmin
CVE-2021-31761

9.6CRITICAL

Key Information:

Vendor

Webmin

Status
Webmin
Vendor
CVE Published:
25 April 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 81%

What is CVE-2021-31761?

Webmin 1.973 is susceptible to a reflected Cross Site Scripting vulnerability which can be exploited to carry out remote command execution via the running process feature. Attackers might craft malicious URLs that, when accessed, execute unauthorized commands on the affected system. This flaw underscores the importance of secure coding practices and the necessity for users to promptly apply security patches and maintain only trusted configurations.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-31761
Created by Mesh3l911

CVE-2021-31761
Created by electronicbots

References

https://github.com/webmin/webmin
x_refsource_MISC
https://youtu.be/23VvUMu-28c
x_refsource_MISC
https://github.com/Mesh3l911/CVE-2021-31761
x_refsource_MISC

EPSS Score

81% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

.