CVE-2023-38308

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 31, 2023

Updated: Aug 4, 2023

CWE ID 79

Summary

CVE-2023-38308: A Cross-Site Scripting (XSS) vulnerability was discovered in Webmin 2.021's HTTP Tunnel functionality. This issue arises when handling third-party domain URLs. An attacker can exploit this weakness by crafting a malicious URL from a third-party source. Upon visiting the URL, the victim's browser executes arbitrary JavaScript code, potentially leading to data theft or unauthorized system access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Webmin

Affected Vendors

The Webmin Community

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r_kCYZ
https://www.cve.org/CVERecord?id=CVE-2023-38308
https://nvd.nist.gov/vuln/detail/CVE-2023-38308

Back to Vulnerability Database