CVE-2020-8821: XSS
First published: Mon Oct 12 2020(Updated: )
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin Webmin | <=1.941 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8821?
CVE-2020-8821 is an Improper Data Validation Vulnerability in Webmin 1.941 and earlier affecting the Command Shell Endpoint.
How does CVE-2020-8821 affect Webmin?
CVE-2020-8821 allows a user to enter HTML code into the Command field and have it rendered in the Action Logs Menu.
What is the severity of CVE-2020-8821?
The severity of CVE-2020-8821 is medium with a severity score of 5.4.
How can I fix CVE-2020-8821 in Webmin?
To fix CVE-2020-8821 in Webmin, update to version 1.942 or later.
Where can I find more information about CVE-2020-8821?
For more information about CVE-2020-8821, you can visit the Webmin security advisory page at https://www.webmin.com/security.html.
- collector/nvd-index
- vendor/webmin
- canonical/webmin webmin
- version/webmin webmin/1.941