PT-2017-14138 · Jamie Cameron · Webmin

Published

2017-10-19

·

Updated

2017-11-08

·

CVE-2017-15646

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Webmin versions prior to 1.860

Description

The vulnerability is a cross-site scripting (XSS) flaw that can lead to remote code execution. It is reached through the 'Download from remote URL' option under the 'Others/File Manager' menu: an attacker who controls the remote server can answer the file download request with a response carrying an XSS payload. Because the payload executes in the browser of the Webmin user who requested the download, it can drive Webmin into running commands, as demonstrated by an OS command placed in the value attribute of an input element with name='cmd'.

Recommendations

For versions prior to 1.860, update to version 1.860 or later to resolve the issue. As a temporary workaround, restrict access to the 'Download from remote URL' option under the 'Others/File Manager' menu and avoid downloading from remote servers you do not control, to minimize the risk of exploitation.
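The following is an added illustration of the vulnerability class described above and of the version check implied by the recommendation; it is constructed example code, not Webmin's own source. The page template, function names, the `/run` form action and the sample server response are assumptions made for the demonstration: the point is that a remote server's body reflected into the File Manager result page unescaped lets the server's markup run in the Webmin user's browser, while HTML-escaping the same body defuses it.

```python
"""Constructed demonstration of reflected XSS via remote-download content
(the CVE-2017-15646 class) and of an affected-version check.  Not Webmin code."""

import html
import re

# Constructed body a malicious server could return to the 'Download from remote
# URL' request.  It carries an input named 'cmd' whose value is an OS command,
# plus a script that auto-submits the form; the form target is assumed.
MALICIOUS_RESPONSE = (
    "<form action='/run' method='post'>"
    "<input name='cmd' value='id'>"
    "</form>"
    "<script>document.forms[0].submit()</script>"
)


def render_vulnerable(remote_body: str) -> str:
    """Assumed pre-fix behaviour: the remote response is interpolated into the
    result page verbatim, so any tags it contains become live markup."""
    return f"<html><body><p>Download result:</p>{remote_body}</body></html>"


def render_fixed(remote_body: str) -> str:
    """Hardened variant: escape untrusted content (including quotes) before it
    is placed into the page, so it renders as text rather than as markup."""
    safe = html.escape(remote_body, quote=True)
    return f"<html><body><p>Download result:</p>{safe}</body></html>"


def contains_active_markup(page: str) -> bool:
    """Crude detector: is there still a live <script>, <form> or <input> tag?
    Escaped content shows up as '&lt;script' and does not match."""
    return re.search(r"<(script|form|input)\b", page, re.IGNORECASE) is not None


def is_affected(version: str) -> bool:
    """Webmin reports versions as numeric strings such as '1.850' or '1.860';
    every release below 1.860 is affected.  Relies on that numeric scheme."""
    return float(version) < 1.860


if __name__ == "__main__":
    vulnerable_page = render_vulnerable(MALICIOUS_RESPONSE)
    fixed_page = render_fixed(MALICIOUS_RESPONSE)
    print("vulnerable page carries live markup:", contains_active_markup(vulnerable_page))
    print("fixed page carries live markup:     ", contains_active_markup(fixed_page))
    for v in ("1.850", "1.860", "1.900"):
        print(f"Webmin {v} affected: {is_affected(v)}")
```

Note that escaping the remote body is only the illustrative fix for this one sink; the actual 1.860 release should be taken as the authoritative correction, and the version check above assumes Webmin's numeric version strings.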

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2017-15646

Affected Products

Webmin