CVE-2023-47096

MEDIUM

Virtualmin 7.7 - Reflected Cross-Site Scripting via Cloudmin Services Master Field

Title source: llm

Description

A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0041

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

virtualmin/virtualmin 7.7

Published Nov 01, 2023

Tracked Since Feb 18, 2026