CVE-2020-8820: XSS
First published: Mon Oct 12 2020(Updated: )
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin Webmin | <=1.941 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8820?
CVE-2020-8820 is an XSS vulnerability that exists in Webmin 1.941 and earlier versions, specifically affecting the Cluster Shell Commands Endpoint.
How does CVE-2020-8820 impact Webmin?
CVE-2020-8820 allows a user to enter an XSS payload into the Command field and execute it, resulting in the payload being rendered and executed when revisiting the Cluster Shell Commands Menu.
What is the severity of CVE-2020-8820?
CVE-2020-8820 has a severity of medium with a CVSS v3 base score of 5.4.
How do I fix the XSS vulnerability in Webmin?
To fix the XSS vulnerability in Webmin, you should upgrade to version 1.941 or later, as it contains the necessary security patches.
What is CWE-79?
CWE-79 is a category of software weaknesses that includes cross-site scripting (XSS) vulnerabilities.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- vendor/webmin
- canonical/webmin webmin
- version/webmin webmin/1.941