CVE-2023-47095

MEDIUM

Virtualmin - XSS

Title source: rule

Description

A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47095

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0012

EPSS Percentile 30.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

virtualmin/virtualmin 7.7

Published Nov 01, 2023

Tracked Since Feb 18, 2026