GitLab

There is a stored XSS problem in the email name field in ISPConfig 3 which allows an attacker to inject JS code into the database that gets displayed unfiltered in the ISPConfig dashboard of the client himself, the reseller that this client belongs to and the admin.

Thank you very much to Fábián Patrik for reporting this issue.