CVE-2023-41160

{"id": "CVE-2023-41160", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-09-14T21:15:10.750", "references": [{"url": "https://github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41160", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://webmin.com/tags/webmin-changelog/", "tags": ["Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la pesta\u00f1a de configuraci\u00f3n SSH en Usermin 2.001 permite a los atacantes remotos inyectar scripts web arbitrarios o HTML a trav\u00e9s del campo de nombre de clave mientras agregan una clave autorizada."}], "lastModified": "2023-09-19T18:23:34.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmin:usermin:2.001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CE9B3CB-9D26-492D-9584-317C5BE061EE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}