CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40984
https://notcve.org/view.php?id=CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en la función Administrador de Archivos de Webmin v2.100 permite a los atacantes ejecutar un script malicioso mediante la inyección de un payload manipulado en el fichero Reemplazar en Resultados. • http://webmin.com https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41155
https://notcve.org/view.php?id=CVE-2023-41155
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la pestaña de reenvío de correo y respuestas en Webmin y Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del campo reenviar a mientras crean una regla de reenvío de correo. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41163
https://notcve.org/view.php?id=CVE-2023-41163
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38303
https://notcve.org/view.php?id=CVE-2023-38303
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38305
https://notcve.org/view.php?id=CVE-2023-38305
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •