CVE-2020-8821

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.
References
Link Resource
https://www.webmin.com/security.html Vendor Advisory
https://www.webmin.com/security.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:39

Type Values Removed Values Added
References () https://www.webmin.com/security.html - Vendor Advisory () https://www.webmin.com/security.html - Vendor Advisory

Information

Published : 2020-10-12 16:15

Updated : 2024-11-21 05:39


NVD link : CVE-2020-8821

Mitre link : CVE-2020-8821

CVE.ORG link : CVE-2020-8821


JSON object : View

Products Affected

webmin

  • webmin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')