CVE-2006-5883 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html and the (2) user and (3) dir parameters in (b) newuser.html.

Reference

http://aria-security.net/advisory/cpanel.txt http://secunia.com/advisories/22825 http://securityreason.com/securityalert/1847 http://www.osvdb.org/30386 http://www.osvdb.org/30387 http://www.securityfocus.com/archive/1/451374/100/0/threaded http://www.securityfocus.com/bid/21027 http://www.vupen.com/english/advisories/2006/4500