PT-2023-27832 · Usermin · Usermin

Published: 2023-09-15 · Updated: 2023-09-20 · CVE-2023-41157

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Usermin version 2.000

Description: The issue allows remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating a folder. This affects the management of the folder tab, filter tab, and forward mail tab.

Recommendations: For Usermin version 2.000, consider restricting the ability to create folders or limiting the input for the folder name parameter to prevent arbitrary web script or HTML injection until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-41157

Affected Products: Usermin