Published: 12/02/2007 Updated: 16/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the password parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cpanel webhost manager 11
cpanel webhost manager 11.0
cpanel webhost manager 6.4.1
cpanel webhost manager 6.4.2
cpanel webhost manager 9.4.1_r64
cpanel webhost manager 9.9.1_r3
cpanel webhost manager 10.6.0_r137
cpanel webhost manager 10.8.1_113
cpanel webhost manager 10.8.1_build84
cpanel webhost manager 5.3
cpanel webhost manager 6.0
cpanel webhost manager 8.0
cpanel webhost manager 9.0
cpanel webhost manager 10.8.2_118
cpanel webhost manager 10.9
cpanel webhost manager 6.2
cpanel webhost manager 6.4
cpanel webhost manager 9.1
cpanel webhost manager 9.1.0_r85
cpanel webhost manager 10.2.0_r82
cpanel webhost manager 11_beta
cpanel webhost manager 5.0
cpanel webhost manager 6.4.2_stable_48
cpanel webhost manager 7.0

source: wwwsecurityfocuscom/bid/22474/info cPanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may help the attac ...

NVD-CWE-Other http://changelog.cpanel.net/index.cgi http://www.securityfocus.com/bid/22474 http://secunia.com/advisories/24106 http://osvdb.org/32044 http://www.vupen.com/english/advisories/2007/0568 http://www.securityfocus.com/archive/1/459585/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/29572/

CVE-2007-0890

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect