{"id":"CVE-2021-31761","details":"Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.","modified":"2026-04-02T06:50:53.712131Z","published":"2021-04-25T19:15:08.207Z","references":[{"type":"PACKAGE","url":"https://github.com/webmin/webmin"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html"},{"type":"EVIDENCE","url":"https://github.com/Mesh3l911/CVE-2021-31761"},{"type":"EVIDENCE","url":"https://github.com/electronicbots/CVE-2021-31761"},{"type":"EVIDENCE","url":"https://youtu.be/23VvUMu-28c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webmin/webmin","events":[{"introduced":"0"},{"last_affected":"d7323047251d03763064e7478d1e176546dd24f4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.973"}]}}],"versions":["1.700","1.710","1.720","1.730","1.740","1.750","1.760","1.770","1.780","1.790","1.800","1.801","1.810","1.820","1.830","1.831","1.840","1.850","1.860","1.870","1.880","1.890","1.900","1.910","1.920","1.930","1.940","1.941","1.950","1.951","1.953","1.954","1.955","1.960","1.962","1.970","1.972","1.973"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31761.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}