A vulnerability was discovered and corrected in webmin: Cross-site scripting vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real field, related to useradmin/index.cgi and useradmin/user-lib.pl . Packages for 2009.0 are provided as of the Extended Maintenance Program