CPanel Multiple Cross-Site Scripting Vulnerabilities BugTraq ID: 20683

dlennon

Member
PartnerNOC
May 17, 2006
1. CPanel Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 20683
Remote: Yes
Last Updated: 2006-10-24
Relevant URL: http://www.securityfocus.com/bid/20683
Summary:
cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

cPanel version 10.9.0 is vulnerable; other versions may also be affected.



Any info on what update has been released? How about a security forum dedicated to these types of issues? Just a suggestion...

-Damian
 

nyjimbo

Well-Known Member
Jan 25, 2003
New York
Sounds like a blanket statement of the whole cPanel environment. Hope they are wrong.

:(
 

pjman

Well-Known Member
Mar 22, 2003
New York
It was fixed in release 56

It was fixed in 56. So, if you're running Build 56 and up, you're cool!

The former exploit required authentication, too! So, it was only local.