Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8820

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.

Published

2020-10-12T16:15:12.513

Last Modified

2024-11-21T05:39:30.267

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webmin	webmin	≤ 1.941	Yes

References

https://www.webmin.com/security.html Vendor Advisory ([email protected])
https://www.webmin.com/security.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)