Lucene search

K
cve[email protected]CVE-2017-11441
HistoryJul 19, 2017 - 7:29 a.m.

CVE-2017-11441

2017-07-1907:29:00
CWE-79
web.nvd.nist.gov
26
cve-2017-11441
whm
cpanel
xss
security vulnerability
sec-297
nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

21.5%

The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.

Affected configurations

NVD
Node
cpanelwhmRange56.0.50
Node
cpanelwhmMatch58.0.3
OR
cpanelwhmMatch58.0.4
OR
cpanelwhmMatch58.0.5
OR
cpanelwhmMatch58.0.6
OR
cpanelwhmMatch58.0.7
OR
cpanelwhmMatch58.0.8
OR
cpanelwhmMatch58.0.11
OR
cpanelwhmMatch58.0.12
OR
cpanelwhmMatch58.0.13
OR
cpanelwhmMatch58.0.17
OR
cpanelwhmMatch58.0.19
OR
cpanelwhmMatch58.0.20
OR
cpanelwhmMatch58.0.23
OR
cpanelwhmMatch58.0.24
OR
cpanelwhmMatch58.0.25
OR
cpanelwhmMatch58.0.26
OR
cpanelwhmMatch58.0.27
OR
cpanelwhmMatch58.0.28
OR
cpanelwhmMatch58.0.29
OR
cpanelwhmMatch58.0.30
OR
cpanelwhmMatch58.0.31
OR
cpanelwhmMatch58.0.32
OR
cpanelwhmMatch58.0.34
OR
cpanelwhmMatch58.0.36
OR
cpanelwhmMatch58.0.37
OR
cpanelwhmMatch58.0.41
OR
cpanelwhmMatch58.0.43
OR
cpanelwhmMatch58.0.44
OR
cpanelwhmMatch58.0.45
OR
cpanelwhmMatch58.0.46
OR
cpanelwhmMatch58.0.47
OR
cpanelwhmMatch58.0.48
OR
cpanelwhmMatch58.0.49
OR
cpanelwhmMatch58.0.50
OR
cpanelwhmMatch58.0.51
Node
cpanelwhmMatch60.0.3
OR
cpanelwhmMatch60.0.4
OR
cpanelwhmMatch60.0.5
OR
cpanelwhmMatch60.0.6
OR
cpanelwhmMatch60.0.8
OR
cpanelwhmMatch60.0.9
OR
cpanelwhmMatch60.0.10
OR
cpanelwhmMatch60.0.11
OR
cpanelwhmMatch60.0.12
OR
cpanelwhmMatch60.0.13
OR
cpanelwhmMatch60.0.14
OR
cpanelwhmMatch60.0.15
OR
cpanelwhmMatch60.0.17
OR
cpanelwhmMatch60.0.18
OR
cpanelwhmMatch60.0.19
OR
cpanelwhmMatch60.0.22
OR
cpanelwhmMatch60.0.24
OR
cpanelwhmMatch60.0.25
OR
cpanelwhmMatch60.0.26
OR
cpanelwhmMatch60.0.27
OR
cpanelwhmMatch60.0.28
OR
cpanelwhmMatch60.0.31
OR
cpanelwhmMatch60.0.32
OR
cpanelwhmMatch60.0.34
OR
cpanelwhmMatch60.0.35
OR
cpanelwhmMatch60.0.36
OR
cpanelwhmMatch60.0.37
OR
cpanelwhmMatch60.0.38
OR
cpanelwhmMatch60.0.39
OR
cpanelwhmMatch60.0.42
OR
cpanelwhmMatch60.0.43
OR
cpanelwhmMatch60.0.44
Node
cpanelwhmMatch62.0.1
OR
cpanelwhmMatch62.0.2
OR
cpanelwhmMatch62.0.4
OR
cpanelwhmMatch62.0.5
OR
cpanelwhmMatch62.0.6
OR
cpanelwhmMatch62.0.7
OR
cpanelwhmMatch62.0.8
OR
cpanelwhmMatch62.0.9
OR
cpanelwhmMatch62.0.10
OR
cpanelwhmMatch62.0.11
OR
cpanelwhmMatch62.0.12
OR
cpanelwhmMatch62.0.14
OR
cpanelwhmMatch62.0.15
OR
cpanelwhmMatch62.0.16
OR
cpanelwhmMatch62.0.17
OR
cpanelwhmMatch62.0.19
OR
cpanelwhmMatch62.0.20
OR
cpanelwhmMatch62.0.23
OR
cpanelwhmMatch62.0.24
OR
cpanelwhmMatch62.0.26
Node
cpanelwhmMatch64.0.0
OR
cpanelwhmMatch64.0.1
OR
cpanelwhmMatch64.0.2
OR
cpanelwhmMatch64.0.3
OR
cpanelwhmMatch64.0.4
OR
cpanelwhmMatch64.0.7
OR
cpanelwhmMatch64.0.9
OR
cpanelwhmMatch64.0.11
OR
cpanelwhmMatch64.0.12
OR
cpanelwhmMatch64.0.13
OR
cpanelwhmMatch64.0.14
OR
cpanelwhmMatch64.0.15
OR
cpanelwhmMatch64.0.17
OR
cpanelwhmMatch64.0.18
OR
cpanelwhmMatch64.0.19
OR
cpanelwhmMatch64.0.20
OR
cpanelwhmMatch64.0.21
OR
cpanelwhmMatch64.0.22
OR
cpanelwhmMatch64.0.24
OR
cpanelwhmMatch64.0.27
OR
cpanelwhmMatch64.0.28
OR
cpanelwhmMatch64.0.29
OR
cpanelwhmMatch64.0.30
OR
cpanelwhmMatch64.0.31
OR
cpanelwhmMatch64.0.32
Node
cpanelwhmMatch66.0.1
CPENameOperatorVersion
cpanel:whmcpanel whmle56.0.50

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

21.5%

Related for CVE-2017-11441