An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.
References
Link | Resource |
---|---|
https://www.webmin.com/security.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-12T15:54:34
Updated: 2020-10-12T15:54:34
Reserved: 2020-02-10T00:00:00
Link: CVE-2020-8821
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-12T16:15:12.590
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-8821
JSON object: View
Redhat Information
No data.
CWE