CVE-2023-47096

Name of the Vulnerable Software and Affected Versions Virtualmin version 7.7

Description A Reflected Cross-Site Scripting (XSS) issue in the Cloudmin Services Client under System Setting allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field. This enables attackers to execute malicious scripts on the client-side, potentially leading to unauthorized actions or data theft. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Virtualmin version 7.7, as a temporary workaround, consider restricting access to the Cloudmin Services Client under System Settings to minimize the risk of exploitation. Avoid using the Cloudmin services master field in the affected area until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.