All the vulnerabilites related to virtualmin - virtualmin
cve-2023-47099
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 18:03
Severity ?
EPSS score ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47099"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47099",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:02:45.736128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:03:02.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T21:54:25.409685",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47099"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47099",
"datePublished": "2023-10-31T00:00:00",
"dateReserved": "2023-10-30T00:00:00",
"dateUpdated": "2024-09-05T18:03:02.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18207
Vulnerability from cvelistv5
Published
2018-10-10 15:00
Modified
2024-08-05 11:01
Severity ?
EPSS score ?
Summary
Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0day.today/exploit/description/31282 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0day.today/exploit/description/31282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0day.today/exploit/description/31282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0day.today/exploit/description/31282",
"refsource": "MISC",
"url": "https://0day.today/exploit/description/31282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18207",
"datePublished": "2018-10-10T15:00:00",
"dateReserved": "2018-10-10T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18208
Vulnerability from cvelistv5
Published
2018-10-10 15:00
Modified
2024-08-05 11:01
Severity ?
EPSS score ?
Summary
Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0day.today/exploit/description/31282 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0day.today/exploit/description/31282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0day.today/exploit/description/31282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0day.today/exploit/description/31282",
"refsource": "MISC",
"url": "https://0day.today/exploit/description/31282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18208",
"datePublished": "2018-10-10T15:00:00",
"dateReserved": "2018-10-10T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45692
Vulnerability from cvelistv5
Published
2024-09-04 00:00
Modified
2024-09-05 13:43
Severity ?
EPSS score ?
Summary
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webmin",
"vendor": "webmin",
"versions": [
{
"lessThan": "2.202",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:virtualmin:virtualmin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtualmin",
"vendor": "virtualmin",
"versions": [
{
"lessThan": "7.20.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:39:24.498078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:43:51.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T23:11:49.503438",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cispa.de/en/loop-dos"
},
{
"url": "https://webmin.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/09/04/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45692",
"datePublished": "2024-09-04T00:00:00",
"dateReserved": "2024-09-04T00:00:00",
"dateUpdated": "2024-09-05T13:43:51.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47098
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 18:04
Severity ?
EPSS score ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47098"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47098",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:04:25.178553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:04:40.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T21:26:16.553453",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47098"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47098",
"datePublished": "2023-10-31T00:00:00",
"dateReserved": "2023-10-30T00:00:00",
"dateUpdated": "2024-09-05T18:04:40.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47096
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 18:07
Severity ?
EPSS score ?
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47096",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:07:09.106717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:07:31.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T21:33:37.594493",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47096",
"datePublished": "2023-10-31T00:00:00",
"dateReserved": "2023-10-30T00:00:00",
"dateUpdated": "2024-09-05T18:07:31.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47095
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 18:09
Severity ?
EPSS score ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47095"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47095",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:08:45.609620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:09:02.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T21:21:22.286990",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47095"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47095",
"datePublished": "2023-10-31T00:00:00",
"dateReserved": "2023-10-30T00:00:00",
"dateUpdated": "2024-09-05T18:09:02.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47097
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 18:05
Severity ?
EPSS score ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47097"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47097",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:05:34.728617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:05:50.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T21:30:21.100876",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47097"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47097",
"datePublished": "2023-10-31T00:00:00",
"dateReserved": "2023-10-30T00:00:00",
"dateUpdated": "2024-09-05T18:05:50.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47094
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 18:10
Severity ?
EPSS score ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47094"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47094",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:10:18.869995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:10:43.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T21:46:27.191019",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47094"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47094",
"datePublished": "2023-10-31T00:00:00",
"dateReserved": "2023-10-30T00:00:00",
"dateUpdated": "2024-09-05T18:10:43.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-11-01 00:15
Modified
2024-11-21 08:29
Severity ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47095 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47095 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| virtualmin | virtualmin | 7.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Custom fields de Edit Virtual Server bajo System Customization en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo Etiqueta de Lote mientras se muestran detalles del Servidor Virtual."
}
],
"id": "CVE-2023-47095",
"lastModified": "2024-11-21T08:29:45.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T00:15:09.423",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47095"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-10 15:29
Modified
2024-11-21 03:55
Severity ?
Summary
Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://0day.today/exploit/description/31282 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0day.today/exploit/description/31282 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| virtualmin | virtualmin | 6.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:virtualmin:virtualmin:6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EE35BA02-C463-4CEA-A5B8-2B352FB3B5EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI."
},
{
"lang": "es",
"value": "Virtualmin 6.03 permite Cross-Site Scripting (XSS) mediante la cadena query, tal y como queda demostrado con el URI webmin_search.cgi."
}
],
"id": "CVE-2018-18208",
"lastModified": "2024-11-21T03:55:32.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-10T15:29:00.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://0day.today/exploit/description/31282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://0day.today/exploit/description/31282"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-01 00:15
Modified
2024-11-21 08:29
Severity ?
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| virtualmin | virtualmin | 7.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en Cloudmin Services Client bajo System Setting en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo maestro de servicios Cloudmin."
}
],
"id": "CVE-2023-47096",
"lastModified": "2024-11-21T08:29:45.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T00:15:09.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-01 00:15
Modified
2024-11-21 08:29
Severity ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47098 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47098 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| virtualmin | virtualmin | 7.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Manage Extra Admins bajo Administration Options en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrarion a trav\u00e9s del nombre real o el campo de descripci\u00f3n."
}
],
"id": "CVE-2023-47098",
"lastModified": "2024-11-21T08:29:46.013",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T00:15:09.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-01 00:15
Modified
2024-11-21 08:29
Severity ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47099 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47099 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| virtualmin | virtualmin | 7.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Create Virtual Server en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo Descripci\u00f3n mientras crean el servidor Virtual."
}
],
"id": "CVE-2023-47099",
"lastModified": "2024-11-21T08:29:46.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T00:15:09.583",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47099"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-01 00:15
Modified
2024-11-21 08:29
Severity ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47097 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47097 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| virtualmin | virtualmin | 7.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Server Template bajo System Setting en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo nombre de la Plantilla mientras crean plantillas de servidor."
}
],
"id": "CVE-2023-47097",
"lastModified": "2024-11-21T08:29:45.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T00:15:09.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47097"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-04 23:15
Modified
2024-09-05 21:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cispa.de/en/loop-dos | Technical Description | |
| cve@mitre.org | https://webmin.com | Product | |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2024/09/04/1 | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| virtualmin | virtualmin | * | |
| webmin | webmin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:virtualmin:virtualmin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A24DE54E-A013-48BE-BCEE-2BA5B787935F",
"versionEndExcluding": "7.20.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "514CA70F-98FB-4640-A7CD-EFB0EF9D9C7A",
"versionEndExcluding": "2.202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000."
},
{
"lang": "es",
"value": "Webmin anterior a 2.202 y Virtualmin anterior a 7.20.2 permiten un bucle de tr\u00e1fico de red a trav\u00e9s de paquetes UDP falsificados en el puerto 10000."
}
],
"id": "CVE-2024-45692",
"lastModified": "2024-09-05T21:35:14.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-09-04T23:15:12.887",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cispa.de/en/loop-dos"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://webmin.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/09/04/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-01 00:15
Modified
2024-11-21 08:29
Severity ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47094 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47094 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| virtualmin | virtualmin | 7.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Account Plans pesta\u00f1a de System Settings en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo nombre del Plan mientras editan los detalles del plan de Cuenta."
}
],
"id": "CVE-2023-47094",
"lastModified": "2024-11-21T08:29:45.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T00:15:09.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-10 15:29
Modified
2024-11-21 03:55
Severity ?
Summary
Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://0day.today/exploit/description/31282 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0day.today/exploit/description/31282 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| virtualmin | virtualmin | 6.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:virtualmin:virtualmin:6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EE35BA02-C463-4CEA-A5B8-2B352FB3B5EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter."
},
{
"lang": "es",
"value": "Virtualmin 6.03 permite la inyecci\u00f3n de tramas mediante el par\u00e1metro file en settings-editor_read.cgi."
}
],
"id": "CVE-2018-18207",
"lastModified": "2024-11-21T03:55:32.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-10T15:29:00.613",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://0day.today/exploit/description/31282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://0day.today/exploit/description/31282"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}