A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.
References
Link | Resource |
---|---|
https://github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41153 | |
https://webmin.com/tags/webmin-changelog/ | Release Notes |
Configurations
History
31 Aug 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Aug 2023, 18:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
First Time |
Webmin usermin
Webmin |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:webmin:usermin:2.001:*:*:*:*:*:*:* | |
References | (MISC) https://webmin.com/tags/webmin-changelog/ - Release Notes |
29 Aug 2023, 23:49
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-29 22:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-41153
Mitre link : CVE-2023-41153
CVE.ORG link : CVE-2023-41153
JSON object : View
Products Affected
webmin
- usermin
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')