XSS exists in Webmin 1.941 and previous versions affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webmin webmin |