CVE-2023-41161

Name of the Vulnerable Software and Affected Versions Usermin version 2.000

Description Multiple stored cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages, including public key details, Export key, sign key, send to key server page, and fetch from key server page tab.

Recommendations For Usermin version 2.000, consider disabling the key comment feature until a patch is available to prevent exploitation of the stored XSS vulnerabilities. Restrict access to the affected pages, such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab, to minimize the risk of exploitation. Avoid using the key comment field in these pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.