CVE-2008-2070

The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cpanel:cpanel:11.18:*:*:*:*:*:*:*
cpe:2.3:a:cpanel:cpanel:11.18.1:*:*:*:*:*:*:*
cpe:2.3:a:cpanel:cpanel:11.18.2:*:*:*:*:*:*:*
cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*
cpe:2.3:a:cpanel:cpanel:11.22:*:*:*:*:*:*:*
cpe:2.3:a:cpanel:cpanel:11.22.1:*:*:*:*:*:*:*
cpe:2.3:a:cpanel:cpanel:11.22.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:46

Type Values Removed Values Added
References () http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 - () http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 -
References () http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html - () http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html -
References () http://secunia.com/advisories/30166 - () http://secunia.com/advisories/30166 -
References () http://securityreason.com/securityalert/3866 - () http://securityreason.com/securityalert/3866 -
References () http://www.securityfocus.com/archive/1/491864/100/0/threaded - () http://www.securityfocus.com/archive/1/491864/100/0/threaded -
References () http://www.securityfocus.com/bid/29125 - Exploit () http://www.securityfocus.com/bid/29125 - Exploit
References () http://www.vupen.com/english/advisories/2008/1522/references - () http://www.vupen.com/english/advisories/2008/1522/references -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/42305 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/42305 -

Information

Published : 2008-05-12 16:20

Updated : 2024-11-21 00:46


NVD link : CVE-2008-2070

Mitre link : CVE-2008-2070

CVE.ORG link : CVE-2008-2070


JSON object : View

Products Affected

cpanel

  • cpanel
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')