Cross-Site Scripting Vulnerabilities in cPanel WebHost Manager by cPanel
CVE-2006-6548

Currently unrated

Key Information:

Vendor: Cpanel
Status: Webhost Manager
Vendor: CVE Published:; 14 December 2006

Summary

Multiple cross-site scripting vulnerabilities have been discovered in cPanel WebHost Manager (WHM) version 3.1.0. These vulnerabilities allow remote authenticated users to inject arbitrary web scripts or HTML through the domain parameter to several scripts, including 'scripts2/changeemail', 'scripts2/limitbw', and 'scripts/rearrangeacct'. This certain exploitation can lead to malicious user actions and unauthorized data access, emphasizing the need for prompt security measures and updates.

References

http://www.aria-security.com/forum/showthread.php?t=44

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/30792

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/453885/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Dec 14, 2006
Vulnerability Reserved
Dec 14, 2006