Lucene search

MitreVULNRICHMENT:CVE-2023-41160

HistorySep 14, 2023 - 12:00 a.m.

CVE-2023-41160

2023-09-1400:00:00

mitre

github.com

cross-site scripting

remote attack

usermin

ssh configuration

authorized key

AI Score

5.5

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.

References

github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41160

webmin.com/tags/webmin-changelog/