Security: Fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. Complete Changelog: http://www.webmin.com/changes.html Reproducible: Always
Thanks for the report
*** Bug 509226 has been marked as a duplicate of this bug. ***
+*webmin-1.680 (01 May 2014) + + 01 May 2014; Markos Chandras <hwoarang@gentoo.org> +webmin-1.680.ebuild, + -webmin-1.620.ebuild, -webmin-1.630.ebuild, -webmin-1.660.ebuild: + Version bump. Remove old versions. Bug #504782 by PhobosK + <phobosk@fastmail.fm> +
Thanks Markos. Closing as [noglsa].
CVE-2014-0339 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0339): Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.