CVE-2023-40982 in Webmin
Summary
by MITRE • 09/15/2023
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
Analysis
by VulDB Data Team • 01/30/2026
The stored cross-site scripting vulnerability identified as CVE-2023-40982 affects Webmin version 2.100 and represents a critical security flaw that enables attackers to inject malicious scripts into the web application's cloned module name parameter. This vulnerability falls under the CWE-79 category, which specifically addresses cross-site scripting flaws in web applications. The flaw exists within the Webmin administrative interface where user input is not properly sanitized before being stored and subsequently rendered back to users, creating an environment where malicious code can persist and execute in the context of other users' browsers.
The vulnerability is triggered when an attacker uses the cloned module name parameter to inject malicious JavaScript code or HTML content. When the affected Webmin instance processes and displays this crafted input, the stored script executes within the victim's browser context, potentially leading to session hijacking, data theft, or further exploitation of the compromised system. The stored nature of this vulnerability means that the malicious payload persists in the application's database or configuration files, making it particularly dangerous as it can affect multiple users over time without requiring repeated exploitation attempts.
The operational impact of CVE-2023-40982 extends beyond simple script execution, as it provides attackers with a persistent foothold within the compromised Webmin environment. This vulnerability can be leveraged for privilege escalation attacks, where an attacker might gain access to sensitive system information or administrative controls. According to the ATT&CK framework, this vulnerability maps to T1566 (Phishing) and T1071.004 (Application Layer Protocol: DNS), as attackers can use the XSS to redirect users to malicious sites or extract credentials from the compromised session. The vulnerability also aligns with T1059 (Command and Scripting Interpreter), as the executed scripts could potentially be used to launch additional attacks or establish command execution capabilities.
Mitigation strategies for this vulnerability should include immediate patching of Webmin to versions that address the input sanitization flaw, implementing proper output encoding for all user-supplied data, and deploying web application firewalls to detect and block malicious payloads. Organizations should also consider implementing Content Security Policy headers to prevent unauthorized script execution, conducting regular security audits of web applications, and establishing robust input validation mechanisms. The vulnerability demonstrates the importance of proper input sanitization and the principle of least privilege in web application security, as the flaw could potentially allow attackers to escalate privileges within the Webmin environment and compromise the underlying system. Security teams should also monitor for exploitation attempts and implement proper logging and alerting mechanisms to detect when malicious payloads are being injected into the system.
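An added example (not Webmin's code and not from MITRE or VulDB) of the input validation and output encoding described above, applied to a cloned module's name, plus an audit pass over names that are already stored. The function names, the allowlist and the sample stored names are assumptions constructed for illustration.

```python
import html
import re

# Assumption: a descriptive clone name only needs letters, digits, spaces and
# a little punctuation. The character set the real field accepts is not given
# on this page.
SAFE_NAME = re.compile(r"[A-Za-z0-9 ._()\-]{1,64}")


def validate_clone_name(name: str) -> str:
    """Input side: reject names outside the allowlist before they are stored."""
    name = name.strip()
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("clone name contains characters outside the allowlist")
    return name


def render_module_link(name: str, path: str) -> str:
    """Output side: HTML-encode at render time, whatever was stored earlier."""
    return '<a href="{}">{}</a>'.format(
        html.escape(path, quote=True), html.escape(name, quote=True)
    )


def audit_stored_names(stored: dict) -> list:
    """Return the keys of already-stored names that fail validation today."""
    flagged = []
    for key, name in stored.items():
        try:
            validate_clone_name(name)
        except ValueError:
            flagged.append(key)
    return sorted(flagged)


# Constructed sample data: module directory -> stored descriptive name.
STORED = {
    "apache-2": "Apache (staging)",
    "bind8-2": "<script>alert(1)</script>",
    "cron-2": 'Cron" onmouseover="x',
}

if __name__ == "__main__":
    print("names to review:", audit_stored_names(STORED))
    for key, name in STORED.items():
        print(render_module_link(name, "/" + key + "/"))
```

Encoding at render time is the control that neutralises values stored before validation was introduced; the audit only tells you which entries to review.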