Cross-Site Scripting Vulnerabilities in cPanel WebHost Manager
CVE-2006-6198

Currently unrated

Key Information:

Vendor: Cpanel
Status: Webhost Manager
Vendor: CVE Published:; 1 December 2006

What is CVE-2006-6198?

Multiple cross-site scripting vulnerabilities exist in cPanel WebHost Manager 3.1.0. These vulnerabilities permit remote authenticated users to inject arbitrary web scripts or HTML through various parameters in several scripts. Notable affected scripts include 'dochangeemail' for email changes, 'addon_configsupport.cgi' for support URL configurations, 'editpkg' for package editing, 'domts2' for domain tasks, 'editzone' for DNS zone editing, 'dofeaturemanager' for feature management, and 'park' for domain parking. Attackers can exploit these XSS vulnerabilities to execute malicious scripts in the context of users, potentially leading to unauthorized actions and data exposure.

References

http://www.securityfocus.com/bid/21288

vdb-entryx_refsource_BID

http://www.aria-security.com/forum/showthread.php?t=44

x_refsource_MISC

http://securityreason.com/securityalert/1938

third-party-advisoryx_refsource_SREASON

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2006
Vulnerability Reserved
Nov 30, 2006

Cpanel

What is CVE-2006-6198?

References

Timeline