VirtualMin Dom Parameter Cross Site Scripting Exploit

Input passed to the "dom" parameter in left.cgi and via the URL to virtual-server/link.cgi is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Vulnerabilty ID: 
Product Version: 
Released Date: 
Thursday, September 10, 2009 - 00:00