PT-2020-20304 · Webmin · Webmin

Mauro Caseres · Published 2020-10-12 · Updated 2021-07-21 · CVE-2020-8821

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Webmin versions 1.941 and earlier

Description

The issue is related to improper data validation in the Command Shell Endpoint, which allows a user to enter HTML code into the Command field. After the code is submitted, visiting the Action Logs Menu to display logs renders the HTML code, although JavaScript is not executed. The injected HTML persists across different users.

Recommendations

For Webmin versions 1.941 and earlier, update to a version later than 1.941 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-8821
MGASA-2020-0400

Affected Products

Webmin