6.2 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.015 Low
EPSS
Percentile
86.6%
Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.
CPE | Name | Operator | Version |
---|---|---|---|
cpanel:cpanel | cpanel | eq | 10.2.0_r82 |
cpanel:cpanel | cpanel | eq | 10.6.0_r137 |
archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html
secunia.com/advisories/16609
secunia.com/secunia_research/2005-56/advisory/
securityreason.com/securityalert/148
securitytracker.com/id?1015157
www.osvdb.org/20459
www.securityfocus.com/archive/1/415722/30/0/threaded
www.securityfocus.com/bid/15327
www.vupen.com/english/advisories/2005/2306