VYPR
Unrated severityNVD Advisory· Published Oct 12, 2020· Updated Aug 4, 2024

CVE-2020-12670

CVE-2020-12670

Description

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Webmin/Webmindescription
  • Webmin/Webminllm-fuzzy
    Range: <=1.941

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.