CVE-2023-47094: XSS
First published: Tue Oct 31 2023(Updated: )
A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Virtualmin | =7.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-47094?
CVE-2023-47094 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7.
How does CVE-2023-47094 affect Virtualmin 7.7?
The vulnerability allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details in Virtualmin 7.7.
What is the severity of CVE-2023-47094?
CVE-2023-47094 has a severity value of 5.4, which is considered medium.
What is the Common Weakness Enumeration (CWE) associated with CVE-2023-47094?
CVE-2023-47094 is associated with CWE-79, which is the Cross-Site Scripting (XSS) weakness.
How can I fix CVE-2023-47094 in Virtualmin 7.7?
To fix CVE-2023-47094, it is recommended to apply the latest security patches or updates provided by Virtualmin.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/virtualmin
- canonical/virtualmin
- version/virtualmin/7.7