An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.
History

Tue, 22 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-31T00:00:00

Updated: 2024-10-22T17:51:13.901Z

Reserved: 2023-07-14T00:00:00

Link: CVE-2023-38306

cve-icon Vulnrichment

Updated: 2024-08-02T17:39:12.246Z

cve-icon NVD

Status : Modified

Published: 2023-07-31T15:15:10.663

Modified: 2024-11-21T08:13:17.380

Link: CVE-2023-38306

cve-icon Redhat

No data.