Webmin and Usermin HTML Injection and Information Disclosure Vulnerability

Webmin and Usermin HTML Injection and Information Disclosure Vulnerability

Webmin and Usermin are prone to an HTML-injection issue and an information-disclosure issue.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user and gain sensitive information.

Usermin versions prior to 1.226 and Webmin versions prior to 1.296 are vulnerable to this issue.