Cross-Site Scripting Vulnerability in cPanel's WHM Upload Locale Feature
CVE-2017-11441

5.4MEDIUM

Key Information:

Vendor: Cpanel
Status: Whm
Vendor: CVE Published:; 19 July 2017

What is CVE-2017-11441?

The WHM Upload Locale interface in earlier versions of cPanel is susceptible to Cross-Site Scripting (XSS) attacks via the manipulation of locale filenames. This vulnerability allows attackers to exploit this feature in various older versions of cPanel, potentially compromising web hosting environments and user data. Security updates are essential for users to maintain a secure hosting platform and prevent unauthorized access.

References

https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclos...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2017
Vulnerability Reserved
Jul 19, 2017

Cpanel

What is CVE-2017-11441?

References

CVSS V3.1

Timeline