PT-2023-27732 · Webmin · Webmin

Published: 2023-09-14 · Updated: 2023-09-20 · CVE-2023-40985

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Webmin version 2.100

Description

An issue was discovered in the File Manager functionality, allowing an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched or replaced.

Recommendations

For Webmin version 2.100, consider disabling the File Manager functionality until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the File Manager to minimize the risk of arbitrary code injection. Avoid using the File Manager for searching or replacing files until the issue is resolved.

Exploit

Fix

XSS

Related Identifiers

CVE-2023-40985

Affected Products

Webmin