  1. #1
    cPanel Partner NOC
    Join Date
    Jan 2004
    Posts
    30

    cPanel Multiple Cross-Site Scripting Vulnerabilities

    I saw this today on the secunia.com website:

    Secunia Advisory: SA21592
    Release Date: 2006-08-21

    Critical: Less critical
    Impact: Cross Site Scripting
    Where: From remote
    Solution Status: Unpatched

    Software: cPanel 10.x

    -----
    Description:
    Preth00nker has reported some vulnerabilities in cPanel, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Input passed to the "dir" parameter in dohtaccess.html and to the "file" parameter in editit.html and showfile.html is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

    Examples:
    http://[host]:2082/frontend/x/htacce...cess.html?dir=[code]
    http://[host]:2082/frontend/x/files/editit.html?dir=/&file=[code]
    http://[host]:2082/frontend/x/files/showfile.html?dir=/&file=[code]

    Solution:
    Filter malicious characters and character sequences in a web proxy.

    Provided and/or discovered by:
    Preth00nker

    ----
    more details:
    http://secunia.com/advisories/21592/
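
The advisory's workaround (filtering at a web proxy) and the underlying fix (encoding the value before it is returned to the user), sketched as an added example that is not part of the original post or of cPanel's code. The function names `check_request` and `render_value`, the character set and the host `cpanel.example` are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Pages and parameters named in the advisory (SA21592).
AFFECTED = {
    "dohtaccess.html": ("dir",),
    "editit.html": ("file",),
    "showfile.html": ("file",),
}
# Characters that let a reflected value break out of HTML text or an attribute.
HTML_META = set("<>\"'`")


def check_request(url):
    """Proxy-side check: return (allowed, reason) for one request URL."""
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1].lower()
    params = AFFECTED.get(page)
    if params is None:
        return True, "not an affected page"
    # parse_qs percent-decodes once, so %3C is inspected as "<".
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in params:
        for value in query.get(name, []):
            bad = "".join(sorted(HTML_META & set(value)))
            if bad:
                return False, f"{page}: '{name}' contains {bad}"
    return True, "ok"


def render_value(value):
    """Application-side fix: HTML-encode the value before echoing it."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample requests; cpanel.example is a placeholder host.
    base = "http://cpanel.example:2082/frontend/x/files/"
    for url in (
        base + "showfile.html?dir=/&file=index.html",
        base + "editit.html?dir=/&file=%22%3E%3Cb%3Ex%3C%2Fb%3E",
    ):
        print(check_request(url), url)
    print(render_value('"><b>x</b>'))
```

The proxy check is a stopgap while the software is unpatched; encoding at the point of output is what removes the flaw.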

  2. #2
    chirpy, Super Moderator (this forum account has been confirmed by cPanel staff to represent a vendor)
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com
