CVE List

CVE-2020-12670

Moderate 6.1

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.

Published October 12, 2020.

Affected software

Webmin Webmin

Reference links

Sign Up for Alerts