custom/run.cgi in Webmin prior to 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
webmin webmin