PT-2023-4161 · Webmin+1
Published: 2023-07-31 · Updated: 2024-09-18
CVE-2023-38304
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Webmin version 2.021
Description
The issue is a Stored Cross-Site Scripting (XSS) vulnerability in the Users and Groups functionality of Webmin. An attacker can store a malicious payload in the Group Name field when creating a new group, which potentially allows a remote attacker to conduct an XSS attack.
Recommendations
For Webmin version 2.021, consider disabling the Users and Groups functionality until a patch is available to prevent exploitation of the Stored Cross-Site Scripting vulnerability. Restrict access to the Group Name field to minimize the risk of storing malicious payloads.
Exploit
Fix
XSS
Affected Products
Red Os
Webmin