CVE-2023-41156: XSS
First published: Thu Sep 14 2023(Updated: )
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin Usermin | =2.001 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability type of CVE-2023-41156?
Stored Cross-Site Scripting (XSS).
How does CVE-2023-41156 affect Usermin?
It allows remote attackers to inject arbitrary web script or HTML via the 'save to new folder named' field while creating a new filter.
What is the severity of CVE-2023-41156?
The severity of CVE-2023-41156 is medium with a CVSS score of 5.4.
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2023-41156?
The CWE ID associated with CVE-2023-41156 is CWE-79.
How can I fix CVE-2023-41156?
To fix CVE-2023-41156, update to a version of Usermin that is not affected by the vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/webmin
- canonical/webmin usermin
- version/webmin usermin/2.001