CVE-2023-40983: 
Webmin vulnerability analysis and mitigation

A reflected cross-site scripting (XSS) vulnerability was discovered in Webmin version 2.100, specifically affecting the File Manager function. The vulnerability was assigned identifier CVE-2023-40983 and was publicly disclosed on September 15, 2023. The vulnerability allows attackers to execute malicious scripts by injecting a crafted payload into the Find in Results file (NVD, GitHub POC).

The vulnerability is classified as a reflected XSS issue (CWE-79: Improper Neutralization of Input During Web Page Generation). According to the National Vulnerability Database, it received a CVSS v3.1 Base Score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that it requires user interaction but can be exploited remotely without authentication (NVD).

If successfully exploited, this vulnerability allows attackers to execute malicious scripts in the context of the user's browser session. This could potentially lead to theft of sensitive information, session hijacking, or other client-side attacks against Webmin users (NVD).

Users should upgrade to a version of Webmin newer than 2.100. The vulnerability has been addressed in subsequent releases of the software (Webmin).