CVE-2023-41156

{"id": "CVE-2023-41156", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-09-14T21:15:10.630", "references": [{"url": "https://github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41156", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://webmin.com/tags/webmin-changelog/", "tags": ["Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la pesta\u00f1a de filtro y reenv\u00edo de correo en Usermin 2.001 permite a atacantes remotos inyectar script web o HTML de su elecci\u00f3n a trav\u00e9s del campo llamado \"guardar en nueva carpeta\" mientras crean un nuevo filtro."}], "lastModified": "2023-09-19T16:28:17.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmin:usermin:2.001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CE9B3CB-9D26-492D-9584-317C5BE061EE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}