Webmin 2.021 Cross-Site Scripting (XSS) via Download Path Vulnerability

CVE-2023-38305 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in Webmin 2.021. The download functionality is vulnerable to Cross-Site Scripting (XSS): by providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.
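The class of flaw described above, shown as an added example that is not Webmin's code: a page that reflects a request-supplied download path into markup, next to a version that encodes the path for each output context, plus a parser-based check suitable for a regression test. The handler names, the `/download?file=` URL and the sample path are hypothetical and constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed sample input: a path that closes the attribute and opens a new element.
CRAFTED = 'report.txt"><u id=injected>'


def render_unsafe(path: str) -> str:
    """Vulnerable pattern: the path is concatenated into HTML unencoded."""
    return f'<p>Downloading <a href="/download?file={path}">{path}</a></p>'


def render_safe(path: str) -> str:
    """Encode per context: percent-encode for the URL, entity-encode for HTML."""
    href = html.escape(quote(path, safe="/"), quote=True)  # attribute + URL context
    text = html.escape(path, quote=True)                   # element text context
    return f'<p>Downloading <a href="/download?file={href}">{text}</a></p>'


class TagCollector(HTMLParser):
    """Records every start tag and its attribute names, as a browser would see them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, [name for name, _ in attrs]))


def tags_in(markup: str) -> list:
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


# The only elements the template itself is meant to produce.
EXPECTED = [("p", []), ("a", ["href"])]


def introduces_markup(render, path: str) -> bool:
    """True if rendering `path` yields any element beyond the template's own."""
    return tags_in(render(path)) != EXPECTED


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        print(render.__name__, "injects markup:", introduces_markup(render, CRAFTED))
```

Comparing the parsed element list against the template's expected elements catches injection regardless of which tag or attribute the input tries to introduce, which makes it more robust than searching the output for specific strings.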