Lucene search

[email protected]CVE-2006-6548

HistoryDec 14, 2006 - 6:28 p.m.

CVE-2006-6548

2006-12-1418:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cpanel

whm

xss

vulnerabilities

web script

html

remote users

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.

CPENameOperatorVersion
cpanel:webhost_managercpanel webhost managereq3.1.0

CPE	Name	Operator	Version
cpanel:webhost_manager	cpanel webhost manager	eq	3.1.0

References

securityreason.com/securityalert/2027

www.aria-security.com/forum/showthread.php?t=44

www.securityfocus.com/archive/1/453885/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/30792

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.7%

JSON

Related for CVE-2006-6548

cve1