Описание
A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00103
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 2 лет назад
An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.
EPSS
Процентиль: 29%
0.00103
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79