Usermin Security Vulnerabilities and Issues — Usermin CVE List

Lucene search

WebminUsermin

11 matches found

CVE•added 2023/09/14 9:15 p.m.•102 views

CVE-2023-41160

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.

5.4CVSS5.2AI score0.0011EPSS

CVE•added 2023/09/14 9:15 p.m.•86 views

CVE-2023-41156

A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.

5.4CVSS5.2AI score0.00096EPSS

CVE•added 2023/09/16 6:15 a.m.•86 views

CVE-2023-41157

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab.

5.4CVSS5.3AI score0.00088EPSS

CVE•added 2024/10/16 9:15 p.m.•56 views

CVE-2024-44762

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.

5.3CVSS7.1AI score0.24733EPSS

CVE•added 2023/08/29 10:15 p.m.•47 views

CVE-2023-41153

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.

5.4CVSS5.2AI score0.00085EPSS

CVE•added 2023/09/13 10:15 p.m.•40 views

CVE-2023-41155

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.

5.4CVSS5.2AI score0.00088EPSS

CVE•added 2023/09/13 10:15 p.m.•34 views

CVE-2023-41152

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program.

5.4CVSS5.2AI score0.00088EPSS

CVE•added 2023/09/13 10:15 p.m.•34 views

CVE-2023-41158

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program.

5.4CVSS5.2AI score0.00088EPSS

CVE•added 2023/09/13 10:15 p.m.•33 views

CVE-2023-41154

A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.

5.4CVSS5.2AI score0.00088EPSS

CVE•added 2023/09/14 9:15 p.m.•30 views

CVE-2023-41159

A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.

5.4CVSS5.2AI score0.00096EPSS

CVE•added 2023/09/07 10:15 p.m.•30 views

CVE-2023-41161

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.

5.4CVSS5.3AI score0.00088EPSS