An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-31T00:00:00
Updated: 2024-10-22T17:51:13.901Z
Reserved: 2023-07-14T00:00:00
Link: CVE-2023-38306
Vulnrichment
Updated: 2024-08-02T17:39:12.246Z
NVD
Status : Modified
Published: 2023-07-31T15:15:10.663
Modified: 2024-11-21T08:13:17.380
Link: CVE-2023-38306
Redhat
No data.