Lucene search

K
cve[email protected]CVE-2003-0521
HistoryAug 18, 2003 - 4:00 a.m.

CVE-2003-0521

2003-08-1804:00:00
web.nvd.nist.gov
27
cve
2003
0521
xss
vulnerability
cpanel
6.4.2
remote attackers
administrator privileges
script
url
error log
latest visitors screens

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.

Affected configurations

NVD
Node
cpanelcpanelMatch5.0
OR
cpanelcpanelMatch5.3
OR
cpanelcpanelMatch6.0
OR
cpanelcpanelMatch6.2
OR
cpanelcpanelMatch6.4
OR
cpanelcpanelMatch6.4.1
OR
cpanelcpanelMatch6.4.2
OR
cpanelcpanelMatch6.4.2_stable_48

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

Related for CVE-2003-0521