Reflected Cross-Site Scripting Vulnerability in Usermin by Webmin
CVE-2023-41163

6.1 MEDIUM

Key Information:

Vendor

Webmin

Status
Vendor
CVE Published: 30 August 2023

What is CVE-2023-41163?

This reflected cross-site scripting vulnerability in the file manager tab of Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML. The injection point is the 'replace in results' field in the tools dropdown: script placed there can run in the victim's browser, potentially compromising user sessions and sensitive information. Users of Usermin should assess their risk and apply the necessary security measures.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
