Webmin 1.990 has been released on June 30, fixing two security issues:
Updated webmin package fixes security vulnerability:
The webmin package has been updated to version 1.998, fixing XSS issues in the
HTTP Tunnel and Read Mail modules, along with several other bugs.
Updated package in core/updates_testing:
Confirmed it installs cleanly, starts, and https://localhost:10000/ works.
Validating the update.
An update for this issue has been pushed to the Mageia Updates repository.