cPanel Entropy Chat Message Field XSS

2005-11-04T14:56:31
ID OSVDB:20459
Type osvdb
Reporter Andreas Sandblad (as@secunia.com)
Modified 2005-11-04T14:56:31

Description

Vulnerability Description

cPanel contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate input passed in the message field when it is submitted to the Entropy Chat script. This could allow a user to create a specially crafted chat message that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

Send message <b style="width:expression([code])">text</b> via http://[host]:2084/
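
Added example (not part of the original advisory and not cPanel code): server-side handling of the message field that neutralizes the test string above, which carries its script in a style attribute on an otherwise harmless tag (CSS expression() was evaluated as script by Internet Explorer of that period). The allowlist of formatting tags and the names ALLOWED_TAGS, MessageSanitizer and sanitize_message are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: the chat keeps a few inline formatting tags and nothing else.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong"}


class MessageSanitizer(HTMLParser):
    """Re-emit a chat message with allowlisted tags only and no attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitized output fragments
        self.open_tags = []  # allowlisted tags currently open

    def handle_starttag(self, tag, attrs):
        # Every attribute is discarded, so style="width:expression(...)"
        # never reaches the rendered page. Non-allowlisted tags are dropped.
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        # Close only tags this sanitizer opened, keeping the output balanced.
        if tag in self.open_tags:
            while self.open_tags:
                opened = self.open_tags.pop()
                self.out.append(f"</{opened}>")
                if opened == tag:
                    break

    def handle_data(self, data):
        # Text is always entity-encoded before it is written into HTML.
        self.out.append(escape(data, quote=True))


def sanitize_message(raw: str) -> str:
    parser = MessageSanitizer()
    parser.feed(raw)
    parser.close()
    # Close anything the sender left open so it cannot swallow later markup.
    parser.out.extend(f"</{t}>" for t in reversed(parser.open_tags))
    return "".join(parser.out)


if __name__ == "__main__":
    # The advisory's own test string, with its [code] placeholder unchanged.
    print(sanitize_message('<b style="width:expression([code])">text</b>'))
```

If the chat does not need formatting tags at all, entity-encoding the whole message on output is the simpler equivalent.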

References:

Vendor URL: http://www.cpanel.net/
Security Tracker: 1015157
Secunia Advisory ID: 16609
Other Advisory URL: http://secunia.com/secunia_research/2005-56/advisory/
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html
FrSIRT Advisory: ADV-2005-2306
CVE-2005-3505
Bugtraq ID: 15327