CVE-2023-47099

MEDIUM

Virtualmin 7.7 - Stored Cross-Site Scripting via Description Field

Title source: llm

Description

A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47099

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0044

EPSS Percentile 35.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

virtualmin/virtualmin 7.7

Published Nov 01, 2023

Tracked Since Feb 18, 2026