Pavanughade43

**Name of the Vulnerable Software and Affected Versions** Virtualmin version 7.7 **Description** A Stored Cross-Site Scripting (XSS) issue in the Server Template under System Setting in Virtualmin allows remote attackers to inject arbitrary web script or HTML via the `Template name` field while creating server templates. The Server Templates feature under System Settings is affected. **Recommendations** For Virtualmin version 7.7, consider disabling the Server Templates feature under System Settings until a patch is available to prevent exploitation of the XSS issue. Restrict access to the Template name field to minimize the risk of arbitrary web script or HTML injection.

**Name of the Vulnerable Software and Affected Versions** Virtualmin version 7.7 **Description** A Stored Cross-Site Scripting (XSS) issue in the Create Virtual Server functionality of Virtualmin allows remote attackers to inject arbitrary web script or HTML via the `Description` field while creating the Virtual server. This issue affects anyone who accesses the Virtual Server Summary tab. **Recommendations** For Virtualmin version 7.7, consider disabling the Create Virtual Server functionality until a patch is available to prevent XSS attacks. Restrict access to the Virtual Server Summary tab to minimize the risk of exploitation. Avoid using the `Description` field in the Create Virtual Server functionality until the issue is resolved.