CVE-2023-47094

MEDIUM

Virtualmin - XSS

Title source: rule

Description

A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47094

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0012

EPSS Percentile 30.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

virtualmin/virtualmin 7.7

Published Nov 01, 2023

Tracked Since Feb 18, 2026