Cross-Site Scripting Vulnerability in cPanel WebHost Manager by cPanel
CVE-2007-0890

Currently unrated

Key Information:

Vendor: Cpanel
Status: Webhost Manager
Vendor: CVE Published:; 12 February 2007

Summary

A Cross-Site Scripting vulnerability exists in cPanel WebHost Manager (WHM) versions 11.0.0 and earlier. This flaw allows remote attackers to execute arbitrary web scripts or HTML code via the 'password' parameter when the payload is processed by the affected application. Exploitation of this vulnerability can lead to exposure of sensitive user data and system compromise as attackers could manipulate user actions or steal session cookies.

References

http://changelog.cpanel.net/index.cgi

x_refsource_MISC

http://www.securityfocus.com/archive/1/459585/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/22474

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 12, 2007
Vulnerability Reserved
Feb 12, 2007