  1. #1
    cPanel Partner NOC
    Join Date
    May 2006
    Posts
    9

    CPanel Multiple Cross-Site Scripting Vulnerabilities BugTraq ID: 20683

    1. CPanel Multiple Cross-Site Scripting Vulnerabilities
    BugTraq ID: 20683
    Remote: Yes
    Last Updated: 2006-10-24
    Relevant URL: http://www.securityfocus.com/bid/20683
    Summary:
    cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

    An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

    cPanel version 10.9.0 is vulnerable; other versions may also be affected.



    Any info on what update has been released? How about a security forum dedicated to these types of issues? Just a suggestion...

    -Damian

  2. #2
    Member
    Join Date
    Jun 2005
    Posts
    159


    I believe these have been addressed in CURRENT:

    http://changelog.cpanel.net/

  3. #3
    Member nyjimbo
    Join Date
    Jan 2003
    Location
    New York
    Posts
    1,105


    Sounds like a blanket statement of the whole Cpanel environment. Hope they are wrong.

    "A dog has raised its hind leg on the age of nevermore!"
    -- Rolf

  4. #4
    cPanel Partner NOC
    Join Date
    May 2006
    Posts
    9


    Quote: Originally posted by randomuser
        I believe these have been addressed in CURRENT:

        http://changelog.cpanel.net/

    I see what you are referencing; it mentioned CentOS specifically. Can we get any confirmation from cPanel that this has been resolved for other host OS?

    -Damian

  5. #5
    Member
    Join Date
    Mar 2003
    Location
    New York
    Posts
    101

    It was fixed in release 56

    It was fixed in 56. So, if you're running Build 56 and up, you're cool!

    The former exploit required authentication, too! So, it was only local.
