An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.
References
Link | Resource |
---|---|
https://www.webmin.com/security.html | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2020-10-12 16:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-8821
Mitre link : CVE-2020-8821
CVE.ORG link : CVE-2020-8821
JSON object : View
Products Affected
webmin
- webmin
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')