First published: Fri Sep 15 2023(Updated: )
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Webmin Webmin | =2.100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-40985.
CVE-2023-40985 has a severity level of medium (5.4).
The affected version of Webmin is 2.100.
The CWE ID associated with CVE-2023-40985 is 79.
An attacker can exploit CVE-2023-40985 by using the File Manager functionality in Webmin to inject arbitrary code and execute it within the context of a victim's browser.