Cross-Site Scripting Vulnerability in cPanel WebHost Manager by cPanel
CVE-2007-0890

Currently unrated

Key Information:

Vendor

Cpanel
Status
Webhost Manager
Vendor
CVE Published:
12 February 2007

What is CVE-2007-0890?

A Cross-Site Scripting vulnerability exists in cPanel WebHost Manager (WHM) versions 11.0.0 and earlier. This flaw allows remote attackers to execute arbitrary web scripts or HTML code via the 'password' parameter when the payload is processed by the affected application. Exploitation of this vulnerability can lead to exposure of sensitive user data and system compromise as attackers could manipulate user actions or steal session cookies.

References

http://changelog.cpanel.net/index.cgi
x_refsource_MISC
http://www.securityfocus.com/archive/1/459585/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/22474
vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.