Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8821

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.

Published

2020-10-12T16:15:12.590

Last Modified

2024-11-21T05:39:30.393

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webmin	webmin	≤ 1.941	Yes

References

https://www.webmin.com/security.html Vendor Advisory ([email protected])
https://www.webmin.com/security.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)