CVE-2023-47096

{"id": "CVE-2023-47096", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-11-01T00:15:09.467", "references": [{"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en Cloudmin Services Client bajo System Setting en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo maestro de servicios Cloudmin."}], "lastModified": "2024-11-21T08:29:45.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}