The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 - | |
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html - | |
References | () http://secunia.com/advisories/30166 - | |
References | () http://securityreason.com/securityalert/3866 - | |
References | () http://www.securityfocus.com/archive/1/491864/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/29125 - Exploit | |
References | () http://www.vupen.com/english/advisories/2008/1522/references - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/42305 - |
Information
Published : 2008-05-12 16:20
Updated : 2024-11-21 00:46
NVD link : CVE-2008-2070
Mitre link : CVE-2008-2070
CVE.ORG link : CVE-2008-2070
JSON object : View
Products Affected
cpanel
- cpanel
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')