PT-2023-30307 · Unknown · Virtualmin

Pavanughade43 · Published 2023-10-31 · Updated 2023-11-06 · CVE-2023-47099

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Virtualmin version 7.7

Description

A Stored Cross-Site Scripting (XSS) issue in the Create Virtual Server functionality of Virtualmin allows remote attackers to inject arbitrary web script or HTML via the Description field while creating the Virtual server. This issue affects anyone who accesses the Virtual Server Summary tab.

Recommendations

For Virtualmin version 7.7, consider disabling the Create Virtual Server functionality until a patch is available to prevent XSS attacks. Restrict access to the Virtual Server Summary tab to minimize the risk of exploitation. Avoid using the Description field in the Create Virtual Server functionality until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2023-47099

Affected products

Virtualmin