CVE-2020-8821

{"id": "CVE-2020-8821", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-10-12T16:15:12.590", "references": [{"url": "https://www.webmin.com/security.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.webmin.com/security.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de Comprobaci\u00f3n de Datos Inapropiada en Webmin versiones 1.941 y anteriores, afectando al Endpoint Command Shell. Un usuario puede ingresar c\u00f3digo HTML en el campo Command y enviarlo. Luego, despu\u00e9s de visitar el Men\u00fa Action Logs y mostrar los registros, el c\u00f3digo HTML ser\u00e1 renderizado (sin embargo, JavaScript no es ejecutado). Los cambios se guardan entre los usuarios"}], "lastModified": "2024-11-21T05:39:30.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10FD4323-6E4B-4F7A-AB7B-D4F1A7635685", "versionEndIncluding": "1.941"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}