Metric | Value |
---|---|
CVSS2 | 9.3 High |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
AI Score | 6 Medium |
Confidence | High |
EPSS | 0.578 Medium |
Percentile | 97.7% |

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.

CPE | Name | Operator | Version |
---|---|---|---|
cpanel:cpanel | cpanel | eq | 9.1.0_r85 |
marc.info/?l=bugtraq&m=108066561608676&w=2
secunia.com/advisories/11244
secunia.com/advisories/22984
www.aria-security.com/forum/showthread.php?t=30
www.cirt.net/advisories/cpanel_xss.shtml
www.osvdb.org/4208
www.osvdb.org/4209
www.osvdb.org/4210
www.osvdb.org/4211
www.osvdb.org/4212
www.osvdb.org/4213
www.osvdb.org/4214
www.osvdb.org/4215
www.osvdb.org/4243
www.securityfocus.com/bid/10002
www.securityfocus.com/bid/21142
www.vupen.com/english/advisories/2006/4658
exchange.xforce.ibmcloud.com/vulnerabilities/15671