Cross-Site Scripting Vulnerability in cgiemail and cgiecho by cPanel
CVE-2017-5616
6.1MEDIUM
Summary
A cross-site scripting (XSS) vulnerability has been identified in cgiemail and cgiecho, which enables remote attackers to inject arbitrary web scripts or HTML content through the 'addendum' parameter. This could lead to various security issues, including session hijacking and data theft, if exploited successfully. It is essential for users to update their versions or apply security patches to mitigate the risks associated with this vulnerability.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved