ID: OSVDB:31754
Type: osvdb
Reporter: OSVDB
Modified: 2006-11-24T07:18:50
Description
Solution Description
Upgrade to version 11.1.0 (build 4) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
{"href": "https://vulners.com/osvdb/OSVDB:31754", "id": "OSVDB:31754", "reporter": "OSVDB", "published": "2006-11-24T07:18:50", "description": "## Solution Description\nUpgrade to version 11.1.0 (build 4) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\nhttp://[target]:2086/scripts2/domts2?domain=XSS\n## References:\n[Secunia Advisory ID:23116](https://secuniaresearch.flexerasoftware.com/advisories/23116/)\n[Related OSVDB ID: 31753](https://vulners.com/osvdb/OSVDB:31753)\n[Related OSVDB ID: 31755](https://vulners.com/osvdb/OSVDB:31755)\n[Related OSVDB ID: 31751](https://vulners.com/osvdb/OSVDB:31751)\n[Related OSVDB ID: 31752](https://vulners.com/osvdb/OSVDB:31752)\n[Related OSVDB ID: 31756](https://vulners.com/osvdb/OSVDB:31756)\nOther Advisory URL: http://www.aria-security.com/forum/showthread.php?t=44\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0496.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0494.html\nISS X-Force ID: 30507\n[CVE-2006-6198](https://vulners.com/cve/CVE-2006-6198)\nBugtraq ID: 21288\n", "title": "cPanel WebHost Manager (WHM) domts2 domain Variable XSS", "lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "references": [], "edition": 1, "cvelist": ["CVE-2006-6198"], "affectedSoftware": [], "viewCount": 7, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2017-04-28T13:20:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6198"]}, {"type": "osvdb", "idList": ["OSVDB:31757", "OSVDB:31756", "OSVDB:31753", "OSVDB:31751", "OSVDB:31755", "OSVDB:31752"]}, {"type": "exploitdb", "idList": ["EDB-ID:29185", "EDB-ID:29183", "EDB-ID:29186", "EDB-ID:29184", "EDB-ID:29187", "EDB-ID:29182", "EDB-ID:29188"]}], 
"modified": "2017-04-28T13:20:28", "rev": 2}, "vulnersScore": 5.8}, "modified": "2006-11-24T07:18:50"}
{"cve": [{"lastseen": "2020-10-03T11:48:19", "description": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.", "edition": 3, "cvss3": {}, "published": "2006-12-01T01:28:00", "title": "CVE-2006-6198", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6198"], "modified": "2018-10-17T21:47:00", "cpe": ["cpe:/a:cpanel:webhost_manager:3.1.0"], "id": "CVE-2006-6198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6198", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:cpanel:webhost_manager:3.1.0:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6198"], "description": "## Solution Description\nUpgrade to version 11.1.0 (build 4) or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\nhttp://[target]:2086/cgi/addon_configsupport.cgi?cgiaction=save&supportaddy=Domain.name&emailpipecmd=Domain.name&displaybrowserbody=1&displaybrowsersubject=1&displaydomainbody=1&displaydomainsubject=1&displayhostnamebody=1&displayhostnamesubject=1&displayipbody=1&displayipsubject=1&displayuserbody=1&displayusersubject=1&type=redirect&supporturl=XSS\n## References:\n[Secunia Advisory ID:23116](https://secuniaresearch.flexerasoftware.com/advisories/23116/)\n[Related OSVDB ID: 31753](https://vulners.com/osvdb/OSVDB:31753)\n[Related OSVDB ID: 31755](https://vulners.com/osvdb/OSVDB:31755)\n[Related OSVDB ID: 31751](https://vulners.com/osvdb/OSVDB:31751)\n[Related OSVDB ID: 31754](https://vulners.com/osvdb/OSVDB:31754)\n[Related OSVDB ID: 31756](https://vulners.com/osvdb/OSVDB:31756)\nOther Advisory URL: http://www.aria-security.com/forum/showthread.php?t=44\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0496.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0494.html\nISS X-Force ID: 30507\n[CVE-2006-6198](https://vulners.com/cve/CVE-2006-6198)\nBugtraq ID: 21288\n", "edition": 1, "modified": "2006-11-24T07:18:50", "published": "2006-11-24T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:31752", "id": "OSVDB:31752", "title": "cPanel WebHost Manager (WHM) addon_configsupport.cgi supporturl Variable XSS", "type": "osvdb", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6198"], "description": "## Solution Description\nUpgrade to version 11.1.0 (build 4) or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\nhttp://[target]:2086/scripts/park?domain=demo.com&ndomain=XSS\n## References:\n[Secunia Advisory ID:23116](https://secuniaresearch.flexerasoftware.com/advisories/23116/)\n[Related OSVDB ID: 31753](https://vulners.com/osvdb/OSVDB:31753)\n[Related OSVDB ID: 31755](https://vulners.com/osvdb/OSVDB:31755)\n[Related OSVDB ID: 31751](https://vulners.com/osvdb/OSVDB:31751)\n[Related OSVDB ID: 31754](https://vulners.com/osvdb/OSVDB:31754)\n[Related OSVDB ID: 31752](https://vulners.com/osvdb/OSVDB:31752)\n[Related OSVDB ID: 31756](https://vulners.com/osvdb/OSVDB:31756)\nOther Advisory URL: http://www.aria-security.com/forum/showthread.php?t=44\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0496.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0494.html\nISS X-Force ID: 30507\n[CVE-2006-6198](https://vulners.com/cve/CVE-2006-6198)\nBugtraq ID: 21288\n", "edition": 1, "modified": "2006-11-24T07:18:50", "published": "2006-11-24T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:31757", "id": "OSVDB:31757", "title": "cPanel WebHost Manager (WHM) park ndomain Variable XSS", "type": "osvdb", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6198"], "description": "## Solution Description\nUpgrade to version 11.1.0 (build 4) or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\nhttp://[target]:2086/scripts/editzone?domain=XSS\n## References:\n[Secunia Advisory ID:23116](https://secuniaresearch.flexerasoftware.com/advisories/23116/)\n[Related OSVDB ID: 31753](https://vulners.com/osvdb/OSVDB:31753)\n[Related OSVDB ID: 31751](https://vulners.com/osvdb/OSVDB:31751)\n[Related OSVDB ID: 31754](https://vulners.com/osvdb/OSVDB:31754)\n[Related OSVDB ID: 31752](https://vulners.com/osvdb/OSVDB:31752)\n[Related OSVDB ID: 31756](https://vulners.com/osvdb/OSVDB:31756)\nOther Advisory URL: http://www.aria-security.com/forum/showthread.php?t=44\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0496.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0494.html\nISS X-Force ID: 30507\n[CVE-2006-6198](https://vulners.com/cve/CVE-2006-6198)\nBugtraq ID: 21288\n", "edition": 1, "modified": "2006-11-24T07:18:50", "published": "2006-11-24T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:31755", "id": "OSVDB:31755", "title": "cPanel WebHost Manager (WHM) editzone domain Variable XSS", "type": "osvdb", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6198"], "description": "## Solution Description\nUpgrade to version 11.1.0 (build 4) or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\nhttp://[target]:2086/scripts2/dofeaturemanager?action=addfeature&feature=XSS\n## References:\n[Secunia Advisory ID:23116](https://secuniaresearch.flexerasoftware.com/advisories/23116/)\n[Related OSVDB ID: 31753](https://vulners.com/osvdb/OSVDB:31753)\n[Related OSVDB ID: 31755](https://vulners.com/osvdb/OSVDB:31755)\n[Related OSVDB ID: 31751](https://vulners.com/osvdb/OSVDB:31751)\n[Related OSVDB ID: 31754](https://vulners.com/osvdb/OSVDB:31754)\n[Related OSVDB ID: 31752](https://vulners.com/osvdb/OSVDB:31752)\nOther Advisory URL: http://www.aria-security.com/forum/showthread.php?t=44\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0496.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0494.html\nISS X-Force ID: 30507\n[CVE-2006-6198](https://vulners.com/cve/CVE-2006-6198)\nBugtraq ID: 21288\n", "edition": 1, "modified": "2006-11-24T07:18:50", "published": "2006-11-24T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:31756", "id": "OSVDB:31756", "title": "cPanel WebHost Manager (WHM) dofeaturemanager feature Variable XSS", "type": "osvdb", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6198"], "description": "## Solution Description\nUpgrade to version 11.1.0 (build 4) or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\nhttp://[target]:2086/scripts/editpkg?pkg=XSS\n## References:\n[Secunia Advisory ID:23116](https://secuniaresearch.flexerasoftware.com/advisories/23116/)\n[Related OSVDB ID: 31755](https://vulners.com/osvdb/OSVDB:31755)\n[Related OSVDB ID: 31751](https://vulners.com/osvdb/OSVDB:31751)\n[Related OSVDB ID: 31754](https://vulners.com/osvdb/OSVDB:31754)\n[Related OSVDB ID: 31752](https://vulners.com/osvdb/OSVDB:31752)\n[Related OSVDB ID: 31756](https://vulners.com/osvdb/OSVDB:31756)\nOther Advisory URL: http://www.aria-security.com/forum/showthread.php?t=44\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0496.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0494.html\nISS X-Force ID: 30507\n[CVE-2006-6198](https://vulners.com/cve/CVE-2006-6198)\nBugtraq ID: 21288\n", "edition": 1, "modified": "2006-11-24T07:18:50", "published": "2006-11-24T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:31753", "id": "OSVDB:31753", "title": "cPanel WebHost Manager (WHM) editpkg pkg Variable XSS", "type": "osvdb", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6198"], "description": "## Solution Description\nUpgrade to version 11.1.0 (build 4) or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\nhttp://[target]:2086/scripts2/dochangeemail?user=demo&domain=demo.com&email=XSS\n## References:\n[Secunia Advisory ID:23116](https://secuniaresearch.flexerasoftware.com/advisories/23116/)\n[Related OSVDB ID: 31753](https://vulners.com/osvdb/OSVDB:31753)\n[Related OSVDB ID: 31755](https://vulners.com/osvdb/OSVDB:31755)\n[Related OSVDB ID: 31754](https://vulners.com/osvdb/OSVDB:31754)\n[Related OSVDB ID: 31752](https://vulners.com/osvdb/OSVDB:31752)\n[Related OSVDB ID: 31756](https://vulners.com/osvdb/OSVDB:31756)\n[Related OSVDB ID: 31757](https://vulners.com/osvdb/OSVDB:31757)\nOther Advisory URL: http://www.aria-security.com/forum/showthread.php?t=44\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0496.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0494.html\nISS X-Force ID: 30507\n[CVE-2006-6198](https://vulners.com/cve/CVE-2006-6198)\nBugtraq ID: 21288\n", "edition": 1, "modified": "2006-11-24T07:18:50", "published": "2006-11-24T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:31751", "id": "OSVDB:31751", "title": "cPanel WebHost Manager (WHM) dochangeemail email Variable XSS", "type": "osvdb", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T09:46:09", "description": "cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS. CVE-2006-6198 . 
Webapps exploit for php platform", "published": "2006-11-25T00:00:00", "type": "exploitdb", "title": "cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6198"], "modified": "2006-11-25T00:00:00", "id": "EDB-ID:29182", "href": "https://www.exploit-db.com/exploits/29182/", "sourceData": "source: http://www.securityfocus.com/bid/21288/info\r\n\r\nWebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \r\n\r\nAn attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nWebHost Manager version 3.1.0 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com:2086/scripts2/dochangeemail?user=demo&domain=demo.com&email=XSS", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29182/"}, {"lastseen": "2016-02-03T09:46:18", "description": "cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS. CVE-2006-6198. Webapps exploit for php platform", "published": "2006-11-25T00:00:00", "type": "exploitdb", "title": "cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6198"], "modified": "2006-11-25T00:00:00", "id": "EDB-ID:29183", "href": "https://www.exploit-db.com/exploits/29183/", "sourceData": "source: http://www.securityfocus.com/bid/21288/info\r\n \r\nWebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. 
\r\n \r\nAn attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nWebHost Manager version 3.1.0 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com:2086/cgi/addon_configsupport.cgi?cgiaction=save&supportaddy=Domain.name&emailpipecmd=Domain.name&displaybrowserbody=1&displaybrowsersubject=1&displaydomainbody=1&displaydomainsubject=1&displayhostnamebody=1&displayhostnamesubject=1&displayipbody=1&displayipsubject=1&displayuserbody=1&displayusersubject=1&type=redirect&supporturl=XSS\r\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29183/"}, {"lastseen": "2016-02-03T09:46:26", "description": "cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS. CVE-2006-6198. Webapps exploit for php platform", "published": "2006-11-25T00:00:00", "type": "exploitdb", "title": "cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6198"], "modified": "2006-11-25T00:00:00", "id": "EDB-ID:29184", "href": "https://www.exploit-db.com/exploits/29184/", "sourceData": "source: http://www.securityfocus.com/bid/21288/info\r\n \r\nWebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \r\n \r\nAn attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. 
This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nWebHost Manager version 3.1.0 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com:2086/scripts/editpkg?pkg=XSS", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29184/"}, {"lastseen": "2016-02-03T09:46:35", "description": "cPanel WebHost Manager 3.1 domts2 domain Parameter XSS. CVE-2006-6198. Webapps exploit for php platform", "published": "2006-11-25T00:00:00", "type": "exploitdb", "title": "cPanel WebHost Manager 3.1 domts2 domain Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6198"], "modified": "2006-11-25T00:00:00", "id": "EDB-ID:29185", "href": "https://www.exploit-db.com/exploits/29185/", "sourceData": "source: http://www.securityfocus.com/bid/21288/info\r\n \r\nWebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \r\n \r\nAn attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nWebHost Manager version 3.1.0 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com:2086/scripts2/domts2?domain=XSS", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29185/"}, {"lastseen": "2016-02-03T09:46:43", "description": "cPanel WebHost Manager 3.1 editzone domain Parameter XSS. CVE-2006-6198. 
Webapps exploit for php platform", "published": "2006-11-25T00:00:00", "type": "exploitdb", "title": "cPanel WebHost Manager 3.1 editzone domain Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6198"], "modified": "2006-11-25T00:00:00", "id": "EDB-ID:29186", "href": "https://www.exploit-db.com/exploits/29186/", "sourceData": "source: http://www.securityfocus.com/bid/21288/info\r\n \r\nWebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \r\n \r\nAn attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nWebHost Manager version 3.1.0 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com:2086/scripts/editzone?domain=XSS", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29186/"}, {"lastseen": "2016-02-03T09:46:53", "description": "cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS. CVE-2006-6198. Webapps exploit for php platform", "published": "2006-11-25T00:00:00", "type": "exploitdb", "title": "cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6198"], "modified": "2006-11-25T00:00:00", "id": "EDB-ID:29187", "href": "https://www.exploit-db.com/exploits/29187/", "sourceData": "source: http://www.securityfocus.com/bid/21288/info\r\n \r\nWebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \r\n \r\nAn attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. 
This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nWebHost Manager version 3.1.0 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com:2086/scripts2/dofeaturemanager?action=addfeature&feature=XSS\r\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29187/"}, {"lastseen": "2016-02-03T09:47:02", "description": "cPanel WebHost Manager 3.1 park ndomain Parameter XSS. CVE-2006-6198 . Webapps exploit for php platform", "published": "2006-11-25T00:00:00", "type": "exploitdb", "title": "cPanel WebHost Manager 3.1 park ndomain Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6198"], "modified": "2006-11-25T00:00:00", "id": "EDB-ID:29188", "href": "https://www.exploit-db.com/exploits/29188/", "sourceData": "source: http://www.securityfocus.com/bid/21288/info\r\n \r\nWebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \r\n \r\nAn attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nWebHost Manager version 3.1.0 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com:2086/scripts/park?domain=demo.com&ndomain=XSS", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29188/"}]}