CVE-2011-1937

Name of the Vulnerable Software and Affected Versions Webmin versions 1.540 and earlier

Description A cross-site scripting (XSS) issue allows local users to inject arbitrary web script or HTML via a chfn command that changes the real field, related to useradmin/index.cgi and useradmin/user-lib.pl.

Recommendations For versions 1.540 and earlier, update to a version later than 1.540 to resolve the issue. As a temporary workaround, consider restricting access to the useradmin/index.cgi and useradmin/user-lib.pl files until a patch is available. Avoid using the chfn command to change the real field in the affected versions until the issue is resolved.