
CVE-2004-1875
Date: (C)2004-03-30   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-10002
SECUNIA-11244
http://marc.info/?l=bugtraq&m=108066561608676&w=2
BID-21142
SECUNIA-22984
OSVDB-4208
OSVDB-4209
OSVDB-4210
OSVDB-4211
OSVDB-4212
OSVDB-4213
OSVDB-4214
OSVDB-4215
OSVDB-4243
ADV-2006-4658
cpanel-multiple-scripts-xss(15671)
http://www.aria-security.com/forum/showthread.php?t=30
http://www.cirt.net/advisories/cpanel_xss.shtml

CWE:
CWE-79

© SecPod Technologies