E21-15851
CVSS:
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
False Positive:
f
Variants:
2
Year:
2020
Description
A stored XSS vulnerability exists in Webmin 1.941 and earlier, affecting the Command-Shell module.
The flaw is due to lack of HTML character escaping when rendering log entries and is located in 'shell/log_parser.pl' script.
An authenticated remote attacker may send a crafted POST body to obtain arbitrary JavaScript execution on a target user's browser.