Unrated severityNVD Advisory· Published Oct 12, 2020· Updated Aug 4, 2024
CVE-2020-12670
CVE-2020-12670
Description
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Webmin/Webmindescription
Patches
Vulnerability mechanics
References
1- www.webmin.com/security.htmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.