CVE-2023-47098

Name of the Vulnerable Software and Affected Versions Virtualmin version 7.7

Description A Stored Cross-Site Scripting (XSS) vulnerability exists in Virtualmin, specifically in the Manage Extra Admins under Administration Options and the Create Extra Administrator tab, allowing remote attackers to inject arbitrary web script or HTML via the real name or description field.

Recommendations For Virtualmin version 7.7, as a temporary workaround, consider restricting access to the Create Extra Administrator tab and the Manage Extra Admins option until a patch is available. Avoid using the real name or description field in the affected areas until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.