CVE-2023-38306 Information

Description

An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally the application restricts the upload of certain file types such as .svg .php etc. and displays an error message if a prohibited file type is detected. However by following certain steps an attacker can bypass these restrictions and inject malicious code.

Reference

https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306 https://webmin.com/tags/webmin-changelog/