CVE-2023-38307

Name of the Vulnerable Software and Affected Versions Webmin version 2.021

Description A Stored Cross-Site Scripting (XSS) issue was discovered in the Users and Groups functionality. This occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name. The vulnerability is related to the lack of protection of the web page structure, which can allow a remote attacker to conduct an XSS attack.

Recommendations For Webmin version 2.021, as a temporary workaround, consider restricting access to the Users and Groups functionality until a patch is available. Avoid inserting potentially malicious input into the user's real name field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.