|
|
CVE Reference: CVE-2008-2070 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-2070 |
|
|
Description: The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/42305 SREASON http://securityreason.com/securityalert/3866 SAID Secunia Advisory: SA30166 MISC http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=25;te=1314;pg=2 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/491864/100/0/threaded BID 29125 |
|
| Return to the previous page. |
