{"id":"CVE-2023-40985","details":"An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.","modified":"2026-05-18T05:55:30.241430492Z","published":"2023-09-15T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/40xxx/CVE-2023-40985.json"},"references":[{"type":"WEB","url":"http://webmin.com"},{"type":"WEB","url":"https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/40xxx/CVE-2023-40985.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40985"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webmin/webmin","events":[{"introduced":"0"},{"last_affected":"2d900e88c87b543180656aabcdce2104b83af6ad"}],"database_specific":{"cpe":"cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2.100"}]}}],"versions":["2.100","2.021","2.020","2.013","2.012","2.011","2.010","2.003","2.001","2.000","1.999","1.998","1.996","1.995","1.994","1.993","1.991","1.990","1.984","1.983","1.982","1.980","1.974","1.973","1.972","1.970","1.962","1.960","1.955","1.954","1.953","1.951","1.950","1.941","1.940","1.930","1.920","1.910","1.900","1.890","1.880","1.870","1.860","1.850","1.840","1.831","1.830","1.820","1.810","1.801","1.800","1.790","1.780","1.770","1.760","1.750","1.740","1.730","1.720","1.710","1.700"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-40985.json"}}],"schema_version":"1.7.5"}