Описание
A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00077
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
больше 2 лет назад
An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Create Extra Administrator tab via the "Real name or description" field.
EPSS
Процентиль: 23%
0.00077
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79