CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41155
https://notcve.org/view.php?id=CVE-2023-41155
13 Sep 2023 — A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la pestaña de reenvío de correo y respuestas en Webmin y Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del campo reenviar a mientras crean una regla de reenv... • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41158
https://notcve.org/view.php?id=CVE-2023-41158
13 Sep 2023 — A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la pestaña de programas de tipo MIME en Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del campo de descripción mientras crean un nuevo programa de tipo MIME. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41162
https://notcve.org/view.php?id=CVE-2023-41162
13 Sep 2023 — A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down. Una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en la pestaña del administrador de archivos en Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML arbitrarias a través del campo de máscara de archivos mientras buscan en el menú desplegable de herramientas. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41161
https://notcve.org/view.php?id=CVE-2023-41161
07 Sep 2023 — Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) almacenadas en Usermin 2.000 permite a atacantes remotos inyectar script web o HTML arbitrarios mediante a través del comentario de la clave a diferentes páginas, como... • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41163
https://notcve.org/view.php?id=CVE-2023-41163
30 Aug 2023 — A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41153
https://notcve.org/view.php?id=CVE-2023-41153
29 Aug 2023 — A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. • https://github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38303
https://notcve.org/view.php?id=CVE-2023-38303
31 Jul 2023 — An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38304
https://notcve.org/view.php?id=CVE-2023-38304
31 Jul 2023 — An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38305
https://notcve.org/view.php?id=CVE-2023-38305
31 Jul 2023 — An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38306
https://notcve.org/view.php?id=CVE-2023-38306
31 Jul 2023 — An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •