CVE-2023-47095: XSS
First published: Tue Oct 31 2023(Updated: )
A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Virtualmin | =7.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-47095?
CVE-2023-47095 is a Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7.
How does CVE-2023-47095 affect Virtualmin?
CVE-2023-47095 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server.
What is the severity level of CVE-2023-47095?
CVE-2023-47095 has a severity level of medium, with a severity value of 5.4.
How can I fix CVE-2023-47095 in Virtualmin 7.7?
To fix CVE-2023-47095 in Virtualmin 7.7, it is recommended to update to the latest version or apply the necessary patches provided by Virtualmin.
What is CWE-79?
CWE-79 refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/virtualmin
- canonical/virtualmin
- version/virtualmin/7.7