XSS vunerability

**xela** · 03-30-2004 11:15 AM

For those that havn't seen it: http://news.almostinspired.co.uk/art....lists.bugtraq

Why don't cPanel change the release version so we don't all have to force upgrades to the EDGE version?

Fix/Workaround:
Upgrade to the April 1, 2004 EDGE release or newer.

That's funny 'cause it isn't 01 Apr yet

**bamasbest** · 03-30-2004 12:03 PM

As a rule of thumb, you would never catch me doing anyhting on April Fool's Day

**WCW Fan** · 03-30-2004 08:10 PM

9.1.0-STABLE_93

Is Effected

**fleksi** · 03-30-2004 09:11 PM

install mod_security and gain rules to protect from XSS attacks.

**SarcNBit** · 03-30-2004 11:50 PM

We need an acronym registry!

I came here wondering in what way Cascading Style Sheets were vulnerable and how it applied to cPanel installs.

**xela** · 03-31-2004 01:46 AM

Changed to an "X", just for you

**casey** · 03-31-2004 02:44 AM

Originally posted by fleksi
install mod_security and gain rules to protect from XSS attacks.

cpanel doesn't use the apache on port 80, so I don't think that's an option in this case. I have mod_security installed, and mine is still vulnerable. 9.1.0 current 65.

**jamesbond** · 03-31-2004 02:52 AM

Originally posted by fleksi
install mod_security and gain rules to protect from XSS attacks.

How did you install mod_security on the cpanel webserver?

I am running mod_security on my server, but Cpanel (port 2083 etc.) doesn't run on the apache webserver you use to serve your websites with. It uses a separate webserver.

EDIT : Casey was one step ahead of me

**casey** · 03-31-2004 04:20 AM

Originally posted by jamesbond
EDIT : Casey was one step ahead of me

Ha, ha.

LinkBack

Thread Tools

XSS vunerability

Apacher/mod_ssl vunerability

Apacher/mod_ssl vunerability

CSS in Cpanel

CSS gone?

uw-imapd vunerability question