An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-31T00:00:00
Updated: 2024-08-02T17:39:12.246Z
Reserved: 2023-07-14T00:00:00
Link: CVE-2023-38306
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-31T15:15:10.663
Modified: 2023-08-04T12:57:14.733
Link: CVE-2023-38306
Redhat
No data.