Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2004-1875
Last Modified 07 Mar 2011 12:00:00
Published 30 Mar 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1875

Summary

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.

Vulnerable Systems

Application

  • Cpanel 9.1.0 R85


References

XF - cpanel-multiple-scripts-xss(15671)

MISC - http://www.cirt.net/advisories/cpanel_xss.shtml

SECUNIA - 11244

BUGTRAQ - 20040330 Exensive cPanel Cross Site Scripting

VUPEN - ADV-2006-4658

BID - 21142

BID - 10002

OSVDB - 4243

OSVDB - 4215

OSVDB - 4214

OSVDB - 4213

OSVDB - 4212

OSVDB - 4211

OSVDB - 4210

OSVDB - 4209

OSVDB - 4208

MISC - http://www.aria-security.com/forum/showthread.php?t=30

SECUNIA - 22984


Last Updated: 27 May 2016 10:39:13