The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel "fileop" Cross-Site Scripting Vulnerability

Discussion in 'General Discussion' started by hekri, Dec 21, 2009.

  1. hekri

    hekri Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    149
    Likes Received:
    2
    Trophy Points:
    18
    Description:
    A vulnerability has been reported in cPanel, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Input passed to the "fileop" parameter in frontend/x3/files/fileop.html is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

    The vulnerability is reported in cPanel version 11.24.7 and all prior 11.x versions.


    cPanel "fileop" Cross-Site Scripting Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com

    any fix to thise issue?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,466
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    According to that advisory:

    According to the changelog:
    cPanel - The Leading Control Panel - Change Log

    Release 42213
    2009-12-16 18:45:35
     
  3. hekri

    hekri Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    149
    Likes Received:
    2
    Trophy Points:
    18
    I dont want use relase or edge on production servers...
     
  4. sven4o

    sven4o Member

    Joined:
    May 21, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Re:

    Please let us know whether it will be possible to resolve the issue without upgrading the cPanel version.

    We can perform the upgrade on a separate server and just copy the necessarily files.

    We have tried to copy the files from the /usr/local/cpanel/base/frontend/THEME/ folder from a upgraded cPanel installation, but this has not resolved the issue.

    We need to know which are the files where "fileop" is sanitized.
     
Loading...

Share This Page