Reflected Cross-Site Scripting Vulnerability in Webmin by JC Systems
CVE-2023-38309

6.1MEDIUM

Key Information:

Vendor: Webmin
Status: Webmin
Vendor: CVE Published:; 31 July 2023

What is CVE-2023-38309?

A reflected XSS vulnerability exists in Webmin version 2.021, specifically within the functionality that allows users to search for packages. This vulnerability enables attackers to inject a malicious payload through the 'Search for Package' field. When a victim interacts with the compromised search function, the injected payload is reflected back in the application's response, potentially allowing the execution of arbitrary JavaScript code in the context of the user's browser. This could lead to unauthorized actions or data exposure, emphasizing the importance of prompt security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://webmin.com/tags/webmin-changelog/

https://github.com/jaysharma786/Webmin-2.021/blob/main/CV...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2023
Vulnerability Reserved
Jul 14, 2023

JSON

Webmin

What is CVE-2023-38309?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.