Mageia 7: MGASA-2020-0400 Moderate: Webmin XSS and Input Issues
mageia
November 8, 2020
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint
Summary
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster
Shell Commands Endpoint. A user may enter any XSS Payload into the Command
field and execute it. Then, after revisiting the Cluster Shell Commands Menu,
the XSS Payload will be rendered and executed. (CVE-2020-8820)
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier
affecting the Command Shell Endpoint. A user may enter HTML code into the
Command field and submit it. Then, after visiting the Action Logs Menu and
displaying logs, the HTML code will be rendered (however, JavaScript is not
executed). Changes are kept across users. (CVE-2020-8821)
XSS exists in Webmin 1.941 and earlier affecting the Save function of the
Read User Email Module / mailboxes Endpoint when attempting to save HTML
emails. This module parses any output without sanitizing SCRIPT elements, as
opposed to the View function, which sanitizes the input correctly. A malicious
user can send any JavaScript pay...
References
- https://bugs.mageia.org/show_bug.cgi?id=27459
- https://webmin.com/security/
- https://webmin.com/tags/webmin-changelog/
- https://www.cve.org/CVERecord?id=CVE-2020-8820
- https://www.cve.org/CVERecord?id=CVE-2020-8821
- https://www.cve.org/CVERecord?id=CVE-2020-12670
Topics Covered
Resolution
SRPMS
- 7/core/webmin-1.960-1.mga7
PREVIOUS
NEXT
Publication date: 08 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0400.html
Type: security
CVE: CVE-2020-8820,
CVE-2020-8821,
CVE-2020-12670
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!