CVE-2023-38303: XSS
First published: Mon Jul 31 2023(Updated: )
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin Webmin | =2.021 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in Webmin 2.021?
The vulnerability ID for this issue in Webmin 2.021 is CVE-2023-38303.
What is the severity rating of CVE-2023-38303?
The severity rating of CVE-2023-38303 is medium.
How does the vulnerability in Webmin 2.021 allow for remote command execution (RCE)?
The vulnerability in Webmin 2.021 allows for remote command execution (RCE) through the Users and Group's real name parameter.
Which version of Webmin is affected by CVE-2023-38303?
CVE-2023-38303 affects Webmin version 2.021.
Is there a public reference available for more information about CVE-2023-38303?
Yes, you can find more information about CVE-2023-38303 at the following references: [Link 1](https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303) and [Link 2](https://webmin.com/tags/webmin-changelog/).
- collector/nvd-index
- agent/author
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/severity
- agent/weakness
- agent/description
- agent/epss
- agent/event
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-latest
- collector/mitre-cve
- source/MITRE
- vendor/webmin
- canonical/webmin webmin
- version/webmin webmin/2.021