cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability

{"bulletinFamily": "exploit", "id": "EDB-ID:23806", "cvelist": ["CVE-2004-2308"], "modified": "2004-03-12T00:00:00", "lastseen": "2016-02-02T21:51:22", "edition": 1, "sourceData": "source: http://www.securityfocus.com/bid/9853/info\r\n\r\nIt has been reported that cPanel may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplied data via the 'dir' parameter of 'dohtaccess.html' page. The victim may require to be authenticated with valid credentials to be exposed to exploitation.\r\n\r\nDue to the possibility of attacker-specified HTML and script code being rendered in a victim's browser, it is possible to steal cookie-based authentication credentials from that user. Other attacks are possible as well.\r\n\r\nhttp://www.example.com:2082/frontend/x/htaccess/dohtaccess.html?dir=><script>alert(0x29A Crew)</script>", "published": "2004-03-12T00:00:00", "href": "https://www.exploit-db.com/exploits/23806/", "osvdbidlist": ["4219"], "reporter": "Fable", "hash": "a07440751d648516279bbd44507b3ec7d88bfb86c3dc9fed966adf3b6a45f255", "title": "cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability. CVE-2004-2308. Webapps exploit for cgi platform", "references": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23806/", "enchantments": {"vulnersScore": 3.7}}

{"result": {"cve": [{"id": "CVE-2004-2308", "type": "cve", "title": "CVE-2004-2308", "description": "Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.", "published": "2004-12-31T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2308", "cvelist": ["CVE-2004-2308"], "lastseen": "2017-07-11T11:14:41"}], "seebug": [{"id": "SSV-77555", "type": "seebug", "title": "cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability", "description": "Summary: \ncPanel 9.1.0 version and may version the presence of cross-site scripting(XSS)vulnerability. A remote attacker can use dohtaccess. htm in the dir parameter to inject arbitrary web script or HTML.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-77555", "cvelist": ["CVE-2004-2308"], "lastseen": "2016-07-30T20:42:16"}], "osvdb": [{"id": "OSVDB:4219", "type": "osvdb", "title": "cPanel dohtaccess.html dir Variable XSS", "description": "## Vulnerability Description\ncPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"dir\" variable upon submission to the \"dohtaccess.html\" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\ncPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"dir\" variable upon submission to the \"dohtaccess.html\" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]:2082/frontend/x/htaccess/dohtaccess.html?dir=><script>alert(vulnerable)</script>\n## References:\nVendor URL: http://www.cpanel.net/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0119.html\nISS X-Force ID: 15485\n[CVE-2004-2308](https://vulners.com/cve/CVE-2004-2308)\nBugtraq ID: 9853\n", "published": "2004-03-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:4219", "cvelist": ["CVE-2004-2308"], "lastseen": "2017-04-28T13:19:58"}], "nessus": [{"id": "CPANEL_LOGIN_CMD_EXEC.NASL", "type": "nessus", "title": "cPanel <= 9.1.0 Multiple Vulnerabilities", "description": "The version of cPanel installed on the remote host is version 9.1.0 (or earlier) and thus reportedly affected by multiple issues:\n\n - The dohtaccess.html script fails to sanitize input supplied by a user and is affected by a cross-site scripting vulnerability. (CVE-2004-2308)\n\n - Both the Login Page and resetpass functionality fail to sanitize user input and can be manipulated to execute arbitrary commands (CVE-2004-1769 & CVE-2004-1770). For example, the following URL demonstrates the id command being executed:\n\n http://www.example.com:2082/login/?user=|\"`id`\"|", "published": "2004-03-14T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12097", "cvelist": ["CVE-2004-2308", "CVE-2004-1769", "CVE-2004-1770"], "lastseen": "2016-09-26T17:26:33"}]}}