CVE-2008-0720

Name of the Vulnerable Software and Affected Versions Webmin versions 1.370 through 1.390 Usermin versions 1.300 through 1.320

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the search parameter to the "webmin search.cgi" endpoint, and possibly other components accessed through a search box or open file box.

Recommendations For Webmin versions 1.370 through 1.390, avoid using the search parameter in the webmin search.cgi endpoint until a fix is available. For Usermin versions 1.300 through 1.320, restrict access to the search box and open file box to minimize the risk of exploitation.