CVE-2023-40982: 
Webmin vulnerability analysis and mitigation

A stored cross-site scripting (XSS) vulnerability has been identified in Webmin version 2.100 (CVE-2023-40982). The vulnerability allows attackers to execute arbitrary web scripts or HTML through a crafted payload that can be injected into the cloned module name parameter. This security issue was discovered in the Usermin Configuration module of Webmin (GitHub POC).

The vulnerability exists in the cloned module name parameter within the Usermin Configuration section. When creating a cloned module, the application fails to properly sanitize user input in the module name field, allowing for the injection of malicious scripts. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary web scripts or HTML in the context of other users' browsers who access the affected pages. This could lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the authenticated user's session (GitHub POC).

Users should upgrade to a version of Webmin newer than 2.100 to address this vulnerability. As of the latest available information, Webmin has released several updates, with the current version being 2.302 (Webmin).