Hindeanik

**Name of the Vulnerable Software and Affected Versions** Usermin version 2.001 **Description** A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab allows remote attackers to inject arbitrary web script or HTML via the `key name` field while adding an authorized key. **Recommendations** For Usermin version 2.001, as a temporary workaround, consider restricting access to the SSH configuration tab until a patch is available. Avoid using the `key name` field in the affected SSH configuration tab to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.