Design/Logic Flaw

2019-08-0115:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

JSON

cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).

CPENameOperatorVersion
cpanelge11.48.0.5
cpanellt11.48.5.2
cpanelge11.50.0.4
cpanellt11.50.4.3
cpanelge11.52.2.1
cpanellt11.52.2.4
cpanelge11.54.0.0
cpanellt11.54.0.4

Name	Operator	Version
cpanel	ge	11.48.0.5
cpanel	lt	11.48.5.2
cpanel	ge	11.50.0.4
cpanel	lt	11.50.4.3
cpanel	ge	11.52.2.1
cpanel	lt	11.52.2.4
cpanel	ge	11.54.0.0
cpanel	lt	11.54.0.4

References

documentation.cpanel.net/display/CL/54+Change+Log

forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/