CVE-2020-12670: XSS
First published: Mon Oct 12 2020(Updated: )
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin Webmin | <=1.941 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12670?
CVE-2020-12670 is a vulnerability that allows for cross-site scripting (XSS) attacks in Webmin 1.941 and earlier versions.
How does CVE-2020-12670 affect Webmin?
CVE-2020-12670 affects the Save function of the Read User Email Module / mailboxes Endpoint in Webmin, allowing for XSS attacks when attempting to save HTML emails.
What is the severity of CVE-2020-12670?
CVE-2020-12670 has a severity rating of medium.
How can I fix CVE-2020-12670 in Webmin?
To fix CVE-2020-12670 in Webmin, update to version 1.942 or later.
Is there any additional information available on CVE-2020-12670?
Yes, you can find more information about CVE-2020-12670 on the Webmin security page: https://www.webmin.com/security.html
- collector/nvd-index
- vendor/webmin
- canonical/webmin webmin
- version/webmin webmin/1.941