[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cPanel XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: cPanel XSS Vulnerability
From: thomas@xxxxxxxxxxxxxx
Date: 14 Jul 2010 16:38:36 -0000

cPanel 11.25 is vulnerable to an XSS exploit as it fails to clean user-supplied 
input.

All versions prior to 47010 are affected. Please note that whilst this 
vulnerability is patched in version 47010, 47010 is currently on the 
bleeding-edge and isn't recommended for the stable environment.

Successful exploitation can result in user credentials being taken and being 
used to gain escalated privileges.

References: 
http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=50

Prev by Date: CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs
Next by Date: [ MDVSA-2010:132 ] python
Previous by thread: CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs
Next by thread: [ MDVSA-2010:132 ] python
Index(es):
- Date
- Thread