Lucene search
HistoryJul 31, 2023 - 3:15 p.m.
CVE-2023-38307
webmin
xss
users and groups
vulnerability
2023
stored
cross-site scripting
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
26.8%
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user’s real name.
Affected configurations
Node
webminwebminMatch2.021
Related
cvelist
cvelist
CVE-2023-38307
2023-07-31 00:00:00
osv
osv
CVE-2023-38307
2023-07-31 15:15:10
cve
cve
CVE-2023-38307
2023-07-31 15:15:10
prion
prion
Cross site scripting
2023-07-31 15:15:00
redos
redos
ROS-20240918-04
2024-09-18 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
26.8%
Related for NVD:CVE-2023-38307