CVE-2023-40985

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 15, 2023

Updated: Sep 20, 2023

CWE ID 79

Summary

CVE-2023-40985 is a newly discovered Cross-Site Scripting (XSS) vulnerability affecting Webmin version 2.100. This issue resides in the File Manager functionality, allowing an attacker to inject malicious code. If an unsuspecting user searches for or replaces a file, the attacker's payload is executed within their browser, potentially leading to data theft or unauthorized system access. This vulnerability poses a significant risk and requires immediate attention from Webmin users to apply the necessary patches or updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Webmin

Affected Vendors

The Webmin Community

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sbNU8D
https://www.cve.org/CVERecord?id=CVE-2023-40985
https://nvd.nist.gov/vuln/detail/CVE-2023-40985

Back to Vulnerability Database