CVE-2023-41155

{"id": "CVE-2023-41155", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-09-13T22:15:08.747", "references": [{"url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://webmin.com/tags/webmin-changelog/", "tags": ["Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la pesta\u00f1a de reenv\u00edo de correo y respuestas en Webmin y Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del campo reenviar a mientras crean una regla de reenv\u00edo de correo."}], "lastModified": "2023-09-18T14:12:15.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmin:usermin:2.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED13897E-B6FB-4976-9037-2136FDFE1A50"}, {"criteria": "cpe:2.3:a:webmin:webmin:2.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32C6CF7F-1287-4AB2-B4C0-801AC1EC3CB5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}