Design/Logic Flaw

2019-08-0114:15:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.0%

JSON

cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).

CPENameOperatorVersion
cpanelge69.9999.122
cpanellt70.0.43
cpanelge67.9999.64
cpanellt68.0.39
cpanelge71.9980.30
cpanellt71.9980.37
cpanelge61.9999.55
cpanellt62.0.47

Name	Operator	Version
cpanel	ge	69.9999.122
cpanel	lt	70.0.43
cpanel	ge	67.9999.64
cpanel	lt	68.0.39
cpanel	ge	71.9980.30
cpanel	lt	71.9980.37
cpanel	ge	61.9999.55
cpanel	lt	62.0.47

References

documentation.cpanel.net/display/CL/72+Change+Log

news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/