A XSS vulnerability has been found in the ISPConfig 3 module changer script. The vulnerability requires a valid user login to ISPConfig, unauthenticated users are not affected. Vulnerable versions: All recent ISPConfig 3 releases. Fix: A patch for ISPConfig 126.96.36.199p5 is available trough the ISPConfig patch tool. Patch Installation: Run the command: ispconfig_patch as root user on the shell and enter: 3054_capp as patch code. The patch tool will download the patch from ispconfig.org and apply it. Credits: We thank Alain for informing us about this issue.