Lucene search

K
cve[email protected]CVE-2017-11441
HistoryJul 19, 2017 - 7:29 a.m.

CVE-2017-11441

2017-07-1907:29:00
CWE-79
web.nvd.nist.gov
27
cve-2017-11441
whm
cpanel
xss
security vulnerability
sec-297
nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.

Affected configurations

NVD
Node
cpanelwhmRange56.0.50
Node
cpanelwhmMatch58.0.3
OR
cpanelwhmMatch58.0.4
OR
cpanelwhmMatch58.0.5
OR
cpanelwhmMatch58.0.6
OR
cpanelwhmMatch58.0.7
OR
cpanelwhmMatch58.0.8
OR
cpanelwhmMatch58.0.11
OR
cpanelwhmMatch58.0.12
OR
cpanelwhmMatch58.0.13
OR
cpanelwhmMatch58.0.17
OR
cpanelwhmMatch58.0.19
OR
cpanelwhmMatch58.0.20
OR
cpanelwhmMatch58.0.23
OR
cpanelwhmMatch58.0.24
OR
cpanelwhmMatch58.0.25
OR
cpanelwhmMatch58.0.26
OR
cpanelwhmMatch58.0.27
OR
cpanelwhmMatch58.0.28
OR
cpanelwhmMatch58.0.29
OR
cpanelwhmMatch58.0.30
OR
cpanelwhmMatch58.0.31
OR
cpanelwhmMatch58.0.32
OR
cpanelwhmMatch58.0.34
OR
cpanelwhmMatch58.0.36
OR
cpanelwhmMatch58.0.37
OR
cpanelwhmMatch58.0.41
OR
cpanelwhmMatch58.0.43
OR
cpanelwhmMatch58.0.44
OR
cpanelwhmMatch58.0.45
OR
cpanelwhmMatch58.0.46
OR
cpanelwhmMatch58.0.47
OR
cpanelwhmMatch58.0.48
OR
cpanelwhmMatch58.0.49
OR
cpanelwhmMatch58.0.50
OR
cpanelwhmMatch58.0.51
Node
cpanelwhmMatch60.0.3
OR
cpanelwhmMatch60.0.4
OR
cpanelwhmMatch60.0.5
OR
cpanelwhmMatch60.0.6
OR
cpanelwhmMatch60.0.8
OR
cpanelwhmMatch60.0.9
OR
cpanelwhmMatch60.0.10
OR
cpanelwhmMatch60.0.11
OR
cpanelwhmMatch60.0.12
OR
cpanelwhmMatch60.0.13
OR
cpanelwhmMatch60.0.14
OR
cpanelwhmMatch60.0.15
OR
cpanelwhmMatch60.0.17
OR
cpanelwhmMatch60.0.18
OR
cpanelwhmMatch60.0.19
OR
cpanelwhmMatch60.0.22
OR
cpanelwhmMatch60.0.24
OR
cpanelwhmMatch60.0.25
OR
cpanelwhmMatch60.0.26
OR
cpanelwhmMatch60.0.27
OR
cpanelwhmMatch60.0.28
OR
cpanelwhmMatch60.0.31
OR
cpanelwhmMatch60.0.32
OR
cpanelwhmMatch60.0.34
OR
cpanelwhmMatch60.0.35
OR
cpanelwhmMatch60.0.36
OR
cpanelwhmMatch60.0.37
OR
cpanelwhmMatch60.0.38
OR
cpanelwhmMatch60.0.39
OR
cpanelwhmMatch60.0.42
OR
cpanelwhmMatch60.0.43
OR
cpanelwhmMatch60.0.44
Node
cpanelwhmMatch62.0.1
OR
cpanelwhmMatch62.0.2
OR
cpanelwhmMatch62.0.4
OR
cpanelwhmMatch62.0.5
OR
cpanelwhmMatch62.0.6
OR
cpanelwhmMatch62.0.7
OR
cpanelwhmMatch62.0.8
OR
cpanelwhmMatch62.0.9
OR
cpanelwhmMatch62.0.10
OR
cpanelwhmMatch62.0.11
OR
cpanelwhmMatch62.0.12
OR
cpanelwhmMatch62.0.14
OR
cpanelwhmMatch62.0.15
OR
cpanelwhmMatch62.0.16
OR
cpanelwhmMatch62.0.17
OR
cpanelwhmMatch62.0.19
OR
cpanelwhmMatch62.0.20
OR
cpanelwhmMatch62.0.23
OR
cpanelwhmMatch62.0.24
OR
cpanelwhmMatch62.0.26
Node
cpanelwhmMatch64.0.0
OR
cpanelwhmMatch64.0.1
OR
cpanelwhmMatch64.0.2
OR
cpanelwhmMatch64.0.3
OR
cpanelwhmMatch64.0.4
OR
cpanelwhmMatch64.0.7
OR
cpanelwhmMatch64.0.9
OR
cpanelwhmMatch64.0.11
OR
cpanelwhmMatch64.0.12
OR
cpanelwhmMatch64.0.13
OR
cpanelwhmMatch64.0.14
OR
cpanelwhmMatch64.0.15
OR
cpanelwhmMatch64.0.17
OR
cpanelwhmMatch64.0.18
OR
cpanelwhmMatch64.0.19
OR
cpanelwhmMatch64.0.20
OR
cpanelwhmMatch64.0.21
OR
cpanelwhmMatch64.0.22
OR
cpanelwhmMatch64.0.24
OR
cpanelwhmMatch64.0.27
OR
cpanelwhmMatch64.0.28
OR
cpanelwhmMatch64.0.29
OR
cpanelwhmMatch64.0.30
OR
cpanelwhmMatch64.0.31
OR
cpanelwhmMatch64.0.32
Node
cpanelwhmMatch66.0.1
CPENameOperatorVersion
cpanel:whmcpanel whmle56.0.50

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

Related for CVE-2017-11441