CVE-2023-41163

{"id": "CVE-2023-41163", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-08-30T22:15:10.297", "references": [{"url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://webmin.com/tags/webmin-changelog/", "tags": ["Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down."}], "lastModified": "2023-09-05T19:37:16.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmin:webmin:2.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32C6CF7F-1287-4AB2-B4C0-801AC1EC3CB5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}