PT-2023-4159 · Webmin+1

Published: 2023-07-31 · Updated: 2024-09-18 · CVE-2023-38305

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021
Description: A Cross-Site Scripting (XSS) vulnerability was discovered in the download functionality of Webmin 2.021. The download path supplied in the request is reflected into the response without adequate encoding, so an attacker who crafts a download link containing HTML or JavaScript and induces a victim to open it gets that script executed in the victim's browser, within the Webmin session context of the victim.
Recommendations: For Webmin version 2.021, consider disabling the download functionality until a patch is available. Restrict access to the Webmin interface, and to the download feature in particular, to trusted users and networks to reduce the number of sessions an attacker could target. Because exploitation requires a logged-in user to follow an attacker-supplied link, treat links to the download functionality that arrive from untrusted sources with caution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
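The pattern described above, reflected XSS via a user-controlled download path, illustrated with a hypothetical download handler. This is an added example and is not Webmin code; the request handling, parameter name `path` and page markup are assumptions made only to show the defect and one way to fix it (strict path validation plus context-specific output encoding):

```python
"""
Added example (not Webmin's code): a toy download-page handler that reflects the
requested path into HTML.  The vulnerable form echoes the raw value; the
hardened form validates the path and encodes it for each output context.
"""
import html
import re
from urllib.parse import quote

# Constructed attacker-controlled value, as it might arrive in a crafted download URL.
XSS_PATH = '/tmp/report.txt"><script>alert(document.cookie)</script>'

# Hypothetical allow-list for download paths: absolute, plain characters only.
SAFE_PATH = re.compile(r"^/[A-Za-z0-9._/-]+$")


def render_download_page_vulnerable(path: str) -> str:
    """Reflects `path` into the page without any encoding: the XSS pattern."""
    return (
        "<html><body>"
        f"<p>Downloading {path}</p>"
        f'<a href="/download?path={path}">Click here if the download does not start</a>'
        "</body></html>"
    )


def render_download_page_encoded(path: str) -> str:
    """Output encoding alone: HTML-escape in text context, percent-encode in URL context."""
    text_ctx = html.escape(path, quote=True)   # '<' -> '&lt;', '"' -> '&quot;'
    url_ctx = quote(path, safe="/")            # '<' -> '%3C', '"' -> '%22'
    return (
        "<html><body>"
        f"<p>Downloading {text_ctx}</p>"
        f'<a href="/download?path={url_ctx}">Click here if the download does not start</a>'
        "</body></html>"
    )


def is_allowed_download_path(path: str) -> bool:
    """Allow-list check: restricted character set and no '..' traversal components."""
    if not SAFE_PATH.match(path):
        return False
    return ".." not in path.split("/")


def render_download_page_hardened(path: str) -> str:
    """Validation first, then encoding; rejecting early also keeps the log clean."""
    if not is_allowed_download_path(path):
        raise ValueError("rejected download path")
    return render_download_page_encoded(path)


def contains_live_script(page: str) -> bool:
    """Crude indicator used in the demo: did an unescaped <script> tag survive?"""
    return "<script>" in page


if __name__ == "__main__":
    print("vulnerable page executes script:",
          contains_live_script(render_download_page_vulnerable(XSS_PATH)))
    print("encoded page executes script:   ",
          contains_live_script(render_download_page_encoded(XSS_PATH)))
    print("hardened accepts crafted path:  ", is_allowed_download_path(XSS_PATH))
    print(render_download_page_hardened("/tmp/report.txt"))
```

Encoding for the exact output context (HTML body text versus URL query value) is what removes the vulnerability; the allow-list is defence in depth that also blocks traversal attempts, which is a separate concern for a download feature but cheap to add in the same check.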

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-04471
CVE-2023-38305

Affected Products

Red Os
Webmin