CVE-2023-43309
https://notcve.org/view.php?id=CVE-2023-43309
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Webmin 2.002 y versiones anteriores a través del archivo Cluster Cron Job tab Input, que permite a los atacantes ejecutar scripts maliciosos inyectando un payload manipulado. • https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-41157
https://notcve.org/view.php?id=CVE-2023-41157
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) almacenado en Usermin 2.000 permiten a atacantes remotos inyectar scripts web o HTML arbitrarias a través del parámetro de "nombre de carpeta" mientras crean la carpeta para administrar la pestaña de carpeta, la pestaña de filtro y la pestaña de reenvío de correo. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41157 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40982
https://notcve.org/view.php?id=CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. Una vulnerabilidad cross-site scripting (XSS) almacenadas en Webmin v2.100 permite a los atacantes ejecutar scripts web o HTML arbitrarias a través de payload elaborado inyectado en el módulo clonado en el parámetro nombre. • http://webmin.com https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40985
https://notcve.org/view.php?id=CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced. Se descubrió un problema en Webmin 2.100. La funcionalidad del Administrador de Archivos permite a un atacante explotar una vulnerabilidad de Cross-Site Scripting (XSS). • http://webmin.com https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40986
https://notcve.org/view.php?id=CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la función de Usermin Configuration de Webmin v2.100 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el campo Custom. • http://webmin.com https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •