Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0573

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0573
Last Modified 07 Mar 2011 09:30:21
Published 07 Feb 2006 01:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0573

Summary

Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html.

Vulnerable Systems

Application

  • Cpanel 10

  • Cpanel 5.0

  • Cpanel 5.3

  • Cpanel 6.0

  • Cpanel 6.2

  • Cpanel 6.4

  • Cpanel 6.4.1

  • Cpanel 6.4.2

  • Cpanel 6.4.2 Stable 48

  • Cpanel 7.0

  • Cpanel 8.0

  • Cpanel 9.0

  • Cpanel 9.1


References

XF - cpanel-scripts-xss(24468)

VUPEN - ADV-2006-0433

SECUNIA - 18695

BUGTRAQ - 20060203 cPanel Multiple Cross Site Scripting Vulnerability

FULLDISC - 20060202 cPanel Multiple Cross Site Scripting Vulnerability

OSVDB - 22939

OSVDB - 22938

OSVDB - 22937

OSVDB - 22936


Last Updated: 27 May 2016 10:41:42