You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
Affected Component - Custom.
Procedure for reproducing the issue:
1. Access the Webmin administrative interface and navigate to ""Usermin Configuration" >> "Edit Categories".
2. Select any user from list.
3. Click on Custom filed and insert the XSS payload in the filed.
4. Click on Save Changes.
5. Return to the Usermin Configuration.
6. By Clicking on the Reassign Module an XSS popup will be triggered.
7. Upon returning to the Reassign Module, the popup will reappear consistently.