CVE-2023-40986

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-40986

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40986.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-40986

Published

2023-09-15T01:15:07.910Z

Modified

2026-03-14T12:18:53.626268Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.

References

Affected packages

Git / github.com/webmin/webmin

Affected ranges

Type

GIT

Repo

https://github.com/webmin/webmin

Events

Introduced

Last affected

2d900e88c87b543180656aabcdce2104b83af6ad

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.100"
        }
    ]
}

Affected versions

1.*

1.700

1.710

1.720

1.730

1.740

1.750

1.760

1.770

1.780

1.790

1.800

1.801

1.810

1.820

1.830

1.831

1.840

1.850

1.860

1.870

1.880

1.890

1.900

1.910

1.920

1.930

1.940

1.941

1.950

1.951

1.953

1.954

1.955

1.960

1.962

1.970

1.972

1.973

1.974

1.979

1.980

1.982

1.983

1.984

1.990

1.991

1.993

1.994

1.995

1.996

1.997

1.998

1.999

2.*

2.000

2.001

2.003

2.010

2.011

2.012

2.013

2.020

2.021

2.100

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40986.json"