Lucene search
HistoryAug 18, 2003 - 4:00 a.m.
CVE-2003-0521
cve
2003
0521
xss
vulnerability
cpanel
6.4.2
remote attackers
administrator privileges
script
url
error log
latest visitors screens
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
High
EPSS
0.018
Percentile
88.1%
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
Affected configurations
Node
cpanelcpanelMatch5.0
ORcpanelcpanelMatch5.3
ORcpanelcpanelMatch6.0
ORcpanelcpanelMatch6.2
ORcpanelcpanelMatch6.4
ORcpanelcpanelMatch6.4.1
ORcpanelcpanelMatch6.4.2
ORcpanelcpanelMatch6.4.2_stable_48
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cpanel | cpanel | 6.4 | cpe:/a:cpanel:cpanel:6.4::: |
| cpanel | cpanel | 6.4.1 | cpe:/a:cpanel:cpanel:6.4.1::: |
| cpanel | cpanel | 5.3 | cpe:/a:cpanel:cpanel:5.3::: |
| cpanel | cpanel | 5.0 | cpe:/a:cpanel:cpanel:5.0::: |
| cpanel | cpanel | 6.2 | cpe:/a:cpanel:cpanel:6.2::: |
| cpanel | cpanel | 6.0 | cpe:/a:cpanel:cpanel:6.0::: |
| cpanel | cpanel | 6.4.2 | cpe:/a:cpanel:cpanel:6.4.2::: |
| cpanel | cpanel | 6.4.2+stable+48 | cpe:/a:cpanel:cpanel:6.4.2+stable+48::: |
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
High
EPSS
0.018
Percentile
88.1%
Related for CVE-2003-0521