CVE-2023-38306

An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.
Configurations

Configuration 1 (hide)

cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*

History

04 Aug 2023, 12:57

Type Values Removed Values Added
First Time Webmin webmin
Webmin
CWE CWE-79
References (MISC) https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306 - (MISC) https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306 - Exploit, Third Party Advisory
References (MISC) https://webmin.com/tags/webmin-changelog/ - (MISC) https://webmin.com/tags/webmin-changelog/ - Release Notes
CPE cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

31 Jul 2023, 15:31

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-31 15:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-38306

Mitre link : CVE-2023-38306

CVE.ORG link : CVE-2023-38306


JSON object : View

Products Affected

webmin

  • webmin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')