CVE-2023-47095

Name of the Vulnerable Software and Affected Versions Virtualmin version 7.7

Description A Stored Cross-Site Scripting (XSS) issue in the Custom fields of Edit Virtual Server under System Customization allows remote attackers to inject arbitrary web script or HTML via the Batch Label field. The Custom Fields feature is specifically affected, enabling XSS attacks.

Recommendations For Virtualmin version 7.7, consider disabling the Custom Fields feature of Edit Virtual Server under System Customization as a temporary workaround until a patch is available. Restrict access to the Batch Label field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.