CPanel Multiple Cross-Site Scripting Vulnerabilities BugTraq ID: 20683

dlennon

Member
PartnerNOC
May 17, 2006
9
0
151
1. CPanel Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 20683
Remote: Yes
Last Updated: 2006-10-24
Relevant URL: http://www.securityfocus.com/bid/20683
Summary:
cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

cPanel version 10.9.0 is vulnerable; other versions may also be affected.



Any info on what update has been released, how about a security forum dedicated to these types of issues? Just a suggestion.....

-Damian
 

nyjimbo

Well-Known Member
Jan 25, 2003
1,137
1
168
New York
Sounds like a blanket statement of the whole Cpanel environment. Hope they are wrong.

:(
 

pjman

Well-Known Member
Mar 22, 2003
101
0
166
New York
It was fixed in release 56

It was fixed in 56. So, if you're running Build 56 and up, you're cool!

The former exploit required authentication, too! So, it was only local.