CVE-2023-47098

MEDIUM

Virtualmin 7.7 - Stored Cross-Site Scripting in Manage Extra Admins via Real Name or Description Field

Title source: llm

Description

A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47098

View Exploit ZIP pw:eip

Scores

CVSS v3 4.8

EPSS 0.0045

EPSS Percentile 36.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

virtualmin/virtualmin 7.7

Published Nov 01, 2023

Tracked Since Feb 18, 2026