CVE-2023-38311
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-38311
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38311.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-38311
- Published
- 2023-07-31T15:15:10Z
- Modified
- 2025-10-16T10:01:35.503886Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.
- References
Affected packages
Git / github.com/webmin/webmin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/webmin/webmin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.700
1.710
1.720
1.730
1.740
1.750
1.760
1.770
1.780
1.790
1.800
1.801
1.810
1.820
1.830
1.831
1.840
1.850
1.860
1.870
1.880
1.890
1.900
1.910
1.920
1.930
1.940
1.941
1.950
1.951
1.953
1.954
1.955
1.960
1.962
1.970
1.972
1.973
1.974
1.979
1.980
1.982
1.983
1.984
1.990
1.991
1.993
1.994
1.995
1.996
1.997
1.998
1.999
2.*
2.000
2.001
2.003
2.010
2.011
2.012
2.013
2.020
2.021