CVE-2020-8821

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8821
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8821.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8821
Published
2020-10-12T16:15:12Z
Modified
2024-09-03T03:35:20.107469Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.

References

Affected packages

Git / github.com/webmin/webmin

Affected ranges

Type
GIT
Repo
https://github.com/webmin/webmin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*

1.700
1.710
1.720
1.730
1.740
1.750
1.760
1.770
1.780
1.790
1.800
1.801
1.810
1.820
1.830
1.831
1.840
1.850
1.860
1.870
1.880
1.890
1.900
1.910
1.920
1.930
1.940
1.941