CVE-2020-8821

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.
References
Link Resource
https://www.webmin.com/security.html Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*

Information

Published : 2020-10-12 09:15

Updated : 2021-07-21 04:39


NVD link : CVE-2020-8821

Mitre link : CVE-2020-8821


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

webmin

  • webmin