CVE-2023-40986

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-40986

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-40986.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-40986

Published

2023-09-15T01:15:07.910Z

Modified

2025-11-15T06:49:21.139920Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.

References

Affected packages

Git / github.com/webmin/webmin

Affected ranges

Type: GIT
Repo: https://github.com/webmin/webmin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2d900e88c87b543180656aabcdce2104b83af6ad

Affected versions

1.*

1.700

1.710

1.720

1.730

1.740

1.750

1.760

1.770

1.780

1.790

1.800

1.801

1.810

1.820

1.830

1.831

1.840

1.850

1.860

1.870

1.880

1.890

1.900

1.910

1.920

1.930

1.940

1.941

1.950

1.951

1.953

1.954

1.955

1.960

1.962

1.970

1.972

1.973

1.974

1.979

1.980

1.982

1.983

1.984

1.990

1.991

1.993

1.994

1.995

1.996

1.997

1.998

1.999

2.*

2.000

2.001

2.003

2.010

2.011

2.012

2.013

2.020

2.021

2.100

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-40986.json"