A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field.

An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.