CVE-2023-41155

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 13, 2023

Updated: Sep 18, 2023

CWE ID 79

Summary

CVE-2023-41155 is a newly discovered Stored Cross-Site Scripting (XSS) vulnerability affecting Webmin and Usermin 2.000. This issue enables remote attackers to inject malicious web scripts or HTML code into the mail forwarding and replies tab. By manipulating the forward-to field when creating a mail forwarding rule, an attacker can execute arbitrary code on unsuspecting users, potentially leading to data theft or unauthorized system access. This vulnerability poses a significant threat to organizations using these applications and requires immediate attention and patching to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Webmin

Affected Vendors

The Webmin Community

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners