PT-2023-30307 · Unknown · Virtualmin

Pavanughade43 · Published 2023-10-31 · Updated 2023-11-06 · CVE-2023-47099

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Virtualmin version 7.7

Description
A Stored Cross-Site Scripting (XSS) issue in the Create Virtual Server functionality of Virtualmin allows remote attackers to inject arbitrary web script or HTML via the Description field while creating the Virtual server. This issue affects anyone who accesses the Virtual Server Summary tab.

Recommendations
For Virtualmin version 7.7, consider disabling the Create Virtual Server functionality until a patch is available to prevent XSS attacks. Restrict access to the Virtual Server Summary tab to minimize the risk of exploitation. Avoid using the Description field in the Create Virtual Server functionality until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-47099

Affected Products: Virtualmin