There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS