VirtualMin Dom Parameter Cross Site Scripting Exploit

Input passed to the "dom" parameter in left.cgi and via the URL to virtual-server/link.cgi is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Vulnerabilty ID: 
NOCVE-9999-39439
Released Date: 
Wednesday, September 9, 2009 - 19:00