CVE-2023-54341

6.1 MEDIUM

📋 TL;DR

Webgrind versions 1.1 and earlier contain a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript via the file parameter. This enables attackers to execute arbitrary code in victims' browsers when they click crafted malicious URLs. Anyone running vulnerable Webgrind installations is affected.

💻 Affected Systems

Products:
  • Webgrind
Versions: 1.1 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using default configurations are vulnerable if accessible via web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal session cookies, perform account takeovers, redirect users to malicious sites, or perform actions on behalf of authenticated users.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the Webgrind interface through injected content.

🟢 If Mitigated

Limited impact with proper input validation and output encoding; attackers can only target users who click malicious links.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking malicious link) but is trivial to craft.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2 or later

Vendor Advisory: http://github.com/jokkedk/webgrind/

Restart Required: No

Instructions:

1. Download latest version from GitHub.
2. Replace existing Webgrind files.
3. No restart required as it's PHP-based.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation that sanitizes the file parameter before it is processed

Modify index.php to encode the file parameter with htmlspecialchars() or similar before it is output

Web Application Firewall

all

Deploy WAF rules to block XSS payloads in file parameter

🧯 If You Can't Patch

  • Restrict access to Webgrind interface using network ACLs or authentication
  • Implement Content Security Policy headers to mitigate script execution

🔍 How to Verify

Check if Vulnerable:

Test by accessing index.php?file=<script>alert('XSS')</script> and checking if script executes

Check Version:

Check webgrind/config.php or README for version information

Verify Fix Applied:

After update, test same payload; script should not execute and input should be properly encoded

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with script tags or JavaScript in file parameter
  • Unusual file parameter values in access logs

Network Indicators:

  • HTTP requests containing malicious script patterns in query strings

SIEM Query:

source="webgrind_access.log" AND (file="*<script>*" OR file="*javascript:*")
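
The log indicators above, as an added detection example (not part of the original advisory or of Webgrind): it pulls the file parameter out of access-log request lines, undoes percent-encoding (including double encoding, which a literal wildcard match on <script> would miss), and flags values that carry markup. The combined log format, the /webgrind/ path and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup or script markers that a file name has no reason to contain.
SUSPICIOUS_RE = re.compile(r"[<>]|javascript\s*:|\bon[a-z]+\s*=", re.I)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding; bounded so crafted input cannot loop forever."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_values(log_line):
    """Return the decoded `file` values in one log line that carry markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = match.group(1).partition("?")[2]
    values = parse_qs(query, keep_blank_values=True).get("file", [])
    decoded = [fully_decode(v) for v in values]
    return [v for v in decoded if SUSPICIOUS_RE.search(v)]

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        hits.extend((number, v) for v in suspicious_file_values(line))
    return hits

# Constructed sample entries: documentation IPs, made-up paths and file name.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webgrind/index.php?file=cachegrind.out.1234 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "GET /webgrind/index.php?file=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:02:40 +0000] "GET /webgrind/index.php?file=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 812',
    '203.0.113.5 - - [01/Jan/2024:10:05:03 +0000] "GET /webgrind/index.php?file=javascript%3Aalert(1) HTTP/1.1" 200 640',
    '192.0.2.10 - - [01/Jan/2024:10:06:00 +0000] "GET /webgrind/styles/style.css HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious file parameter: {value!r}")
```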
