CVE-2023-41155

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155	Third Party Advisory
https://webmin.com/tags/webmin-changelog/	Release Notes
https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155	Third Party Advisory
https://webmin.com/tags/webmin-changelog/	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:webmin:usermin:2.000:::::::*
	cpe:2.3:a:webmin:webmin:2.000:::::::*

History

21 Nov 2024, 08:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-13 22:15

Updated : 2024-11-21 08:20

NVD link : CVE-2023-41155

Mitre link : CVE-2023-41155

CVE.ORG link : CVE-2023-41155

JSON object : View

Products Affected

webmin

usermin
webmin

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-41155", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-09-13T22:15:08.747", "references": [{"url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://webmin.com/tags/webmin-changelog/", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://webmin.com/tags/webmin-changelog/", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la pesta\u00f1a de reenv\u00edo de correo y respuestas en Webmin y Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del campo reenviar a mientras crean una regla de reenv\u00edo de correo."}], "lastModified": "2024-11-21T08:20:41.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmin:usermin:2.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED13897E-B6FB-4976-9037-2136FDFE1A50"}, {"criteria": "cpe:2.3:a:webmin:webmin:2.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32C6CF7F-1287-4AB2-B4C0-801AC1EC3CB5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}