CVE-2004-1875: XSS
First published: Tue Mar 30 2004(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cpanel Cpanel | =9.1.0_r85 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cirt.net/advisories/cpanel_xss.shtml
- http://www.securityfocus.com/bid/10002
- http://www.osvdb.org/4208
- http://www.osvdb.org/4209
- http://www.osvdb.org/4210
- http://www.osvdb.org/4211
- http://www.osvdb.org/4212
- http://www.osvdb.org/4213
- http://www.osvdb.org/4214
- http://www.osvdb.org/4215
- http://www.osvdb.org/4243
- http://secunia.com/advisories/11244
- http://www.aria-security.com/forum/showthread.php?t=30
- http://www.securityfocus.com/bid/21142
- http://secunia.com/advisories/22984
- http://www.vupen.com/english/advisories/2006/4658
- http://marc.info/?l=bugtraq&m=108066561608676&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15671
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/event
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cpanel
- canonical/cpanel cpanel
- version/cpanel cpanel/9.1.0_r85