CVE-2004-1875 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.

Reference

http://marc.info/?l=bugtraq&m=108066561608676&w=2
http://secunia.com/advisories/11244
http://secunia.com/advisories/22984
http://www.aria-security.com/forum/showthread.php?t=30
http://www.cirt.net/advisories/cpanel_xss.shtml
http://www.osvdb.org/4208
http://www.osvdb.org/4209
http://www.osvdb.org/4210
http://www.osvdb.org/4211
http://www.osvdb.org/4212
http://www.osvdb.org/4213
http://www.osvdb.org/4214
http://www.osvdb.org/4215
http://www.osvdb.org/4243
http://www.securityfocus.com/bid/10002
http://www.securityfocus.com/bid/21142
http://www.vupen.com/english/advisories/2006/4658
https://exchange.xforce.ibmcloud.com/vulnerabilities/15671
