CVE-2023-38311

Name of the Vulnerable Software and Affected Versions Webmin version 2.021

Description A Stored Cross-Site Scripting (XSS) issue was discovered in the System Logs Viewer functionality. This allows an attacker to store a malicious payload in the configuration field, which triggers the execution of the payload when saving the configuration or when accessing the System Logs Viewer page. The vulnerability is related to the lack of protection of the web page structure, enabling a remote attacker to conduct an XSS attack.

Recommendations For Webmin version 2.021, as a temporary workaround, consider disabling access to the System Logs Viewer page until a patch is available. Restrict modifications to the configuration field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.