CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
88.1%
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
Vendor | Product | Version | CPE |
---|---|---|---|
cpanel | cpanel | 6.4 | cpe:/a:cpanel:cpanel:6.4::: |
cpanel | cpanel | 6.4.1 | cpe:/a:cpanel:cpanel:6.4.1::: |
cpanel | cpanel | 5.3 | cpe:/a:cpanel:cpanel:5.3::: |
cpanel | cpanel | 5.0 | cpe:/a:cpanel:cpanel:5.0::: |
cpanel | cpanel | 6.2 | cpe:/a:cpanel:cpanel:6.2::: |
cpanel | cpanel | 6.0 | cpe:/a:cpanel:cpanel:6.0::: |
cpanel | cpanel | 6.4.2 | cpe:/a:cpanel:cpanel:6.4.2::: |
cpanel | cpanel | 6.4.2+stable+48 | cpe:/a:cpanel:cpanel:6.4.2+stable+48::: |