Lucene search

[email protected]NVD:CVE-2017-11441

HistoryJul 19, 2017 - 7:29 a.m.

CVE-2017-11441

2017-07-1907:29:00

CWE-79

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.9%

JSON

The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.

Affected configurations

NVD

Node

cpanelwhmRange≤56.0.50

Node

cpanelwhmMatch58.0.3

cpanelwhmMatch58.0.4

cpanelwhmMatch58.0.5

cpanelwhmMatch58.0.6

cpanelwhmMatch58.0.7

cpanelwhmMatch58.0.8

cpanelwhmMatch58.0.11

cpanelwhmMatch58.0.12

cpanelwhmMatch58.0.13

cpanelwhmMatch58.0.17

cpanelwhmMatch58.0.19

cpanelwhmMatch58.0.20

cpanelwhmMatch58.0.23

cpanelwhmMatch58.0.24

cpanelwhmMatch58.0.25

cpanelwhmMatch58.0.26

cpanelwhmMatch58.0.27

cpanelwhmMatch58.0.28

cpanelwhmMatch58.0.29

cpanelwhmMatch58.0.30

cpanelwhmMatch58.0.31

cpanelwhmMatch58.0.32

cpanelwhmMatch58.0.34

cpanelwhmMatch58.0.36

cpanelwhmMatch58.0.37

cpanelwhmMatch58.0.41

cpanelwhmMatch58.0.43

cpanelwhmMatch58.0.44

cpanelwhmMatch58.0.45

cpanelwhmMatch58.0.46

cpanelwhmMatch58.0.47

cpanelwhmMatch58.0.48

cpanelwhmMatch58.0.49

cpanelwhmMatch58.0.50

cpanelwhmMatch58.0.51

Node

cpanelwhmMatch60.0.3

cpanelwhmMatch60.0.4

cpanelwhmMatch60.0.5

cpanelwhmMatch60.0.6

cpanelwhmMatch60.0.8

cpanelwhmMatch60.0.9

cpanelwhmMatch60.0.10

cpanelwhmMatch60.0.11

cpanelwhmMatch60.0.12

cpanelwhmMatch60.0.13

cpanelwhmMatch60.0.14

cpanelwhmMatch60.0.15

cpanelwhmMatch60.0.17

cpanelwhmMatch60.0.18

cpanelwhmMatch60.0.19

cpanelwhmMatch60.0.22

cpanelwhmMatch60.0.24

cpanelwhmMatch60.0.25

cpanelwhmMatch60.0.26

cpanelwhmMatch60.0.27

cpanelwhmMatch60.0.28

cpanelwhmMatch60.0.31

cpanelwhmMatch60.0.32

cpanelwhmMatch60.0.34

cpanelwhmMatch60.0.35

cpanelwhmMatch60.0.36

cpanelwhmMatch60.0.37

cpanelwhmMatch60.0.38

cpanelwhmMatch60.0.39

cpanelwhmMatch60.0.42

cpanelwhmMatch60.0.43

cpanelwhmMatch60.0.44

Node

cpanelwhmMatch62.0.1

cpanelwhmMatch62.0.2

cpanelwhmMatch62.0.4

cpanelwhmMatch62.0.5

cpanelwhmMatch62.0.6

cpanelwhmMatch62.0.7

cpanelwhmMatch62.0.8

cpanelwhmMatch62.0.9

cpanelwhmMatch62.0.10

cpanelwhmMatch62.0.11

cpanelwhmMatch62.0.12

cpanelwhmMatch62.0.14

cpanelwhmMatch62.0.15

cpanelwhmMatch62.0.16

cpanelwhmMatch62.0.17

cpanelwhmMatch62.0.19

cpanelwhmMatch62.0.20

cpanelwhmMatch62.0.23

cpanelwhmMatch62.0.24

cpanelwhmMatch62.0.26

Node

cpanelwhmMatch64.0.0

cpanelwhmMatch64.0.1

cpanelwhmMatch64.0.2

cpanelwhmMatch64.0.3

cpanelwhmMatch64.0.4

cpanelwhmMatch64.0.7

cpanelwhmMatch64.0.9

cpanelwhmMatch64.0.11

cpanelwhmMatch64.0.12

cpanelwhmMatch64.0.13

cpanelwhmMatch64.0.14

cpanelwhmMatch64.0.15

cpanelwhmMatch64.0.17

cpanelwhmMatch64.0.18

cpanelwhmMatch64.0.19

cpanelwhmMatch64.0.20

cpanelwhmMatch64.0.21

cpanelwhmMatch64.0.22

cpanelwhmMatch64.0.24

cpanelwhmMatch64.0.27

cpanelwhmMatch64.0.28

cpanelwhmMatch64.0.29

cpanelwhmMatch64.0.30

cpanelwhmMatch64.0.31

cpanelwhmMatch64.0.32

Node

cpanelwhmMatch66.0.1

References

news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.9%

JSON

Related for NVD:CVE-2017-11441

cve1 prion1 cvelist1