XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
References
Link | Resource |
---|---|
https://www.webmin.com/security.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-12T15:56:28
Updated: 2020-10-12T15:56:28
Reserved: 2020-05-06T00:00:00
Link: CVE-2020-12670
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-12T16:15:12.437
Modified: 2020-10-16T16:15:57.027
Link: CVE-2020-12670
JSON object: View
Redhat Information
No data.
CWE