CVE-2023-41155

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-41155

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41155.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-41155

Published

2023-09-13T22:15:08.747Z

Modified

2026-03-14T14:56:24.671842Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.

References

Affected packages

Git / github.com/webmin/usermin

Affected ranges

Type

GIT

Repo

https://github.com/webmin/usermin

Events

Introduced

Last affected

b46217c78c28d80757294388b6803b762e799fdd

Introduced

Last affected

b46217c78c28d80757294388b6803b762e799fdd

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.000"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.000"
        }
    ]
}

Affected versions

1.*

1.803

1.810

1.812

1.820

1.823

1.830

1.832

1.833

1.834

1.840

1.841

1.850

1.851

1.852

1.853

1.854

1.860

1.861

2.*

2.000

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41155.json"