PT-2023-27827 · Webmin+1 · Webmin+1

Published

2023-09-13

Updated

2023-09-15

CVE-2023-41152

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Usermin version 2.000 Webmin and Usermin version 2.000

Description A Stored Cross-Site Scripting (XSS) issue exists in the MIME type programs tab, allowing remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program.

Recommendations For Usermin version 2.000, consider disabling the MIME type programs tab until a patch is available. For Webmin and Usermin version 2.000, restrict access to the MIME type programs tab to minimize the risk of exploitation. Avoid using the handle program field in the affected MIME type programs tab until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-41152

Affected Products

Usermin

Webmin

PT-2023-27827 · Webmin+1 · Webmin+1

CVE-2023-41152

Weakness Enumeration

Related Identifiers

Affected Products

References · 5