CVE-2023-41161
https://notcve.org/view.php?id=CVE-2023-41161
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41161 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-41163
https://notcve.org/view.php?id=CVE-2023-41163
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. • https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-41153
https://notcve.org/view.php?id=CVE-2023-41153
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. • https://github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41153 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-38303
https://notcve.org/view.php?id=CVE-2023-38303
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-38305
https://notcve.org/view.php?id=CVE-2023-38305
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed. • https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305 https://webmin.com/tags/webmin-changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •