Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41161

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.

Published

2023-09-07T22:15:07.793

Last Modified

2024-11-21T08:20:41.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webmin	usermin	2.000	Yes

References

https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41161 Third Party Advisory ([email protected])
https://webmin.com/tags/webmin-changelog/ Release Notes ([email protected])
https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41161 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://webmin.com/tags/webmin-changelog/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)