CVE-2008-2070
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
12/05/2008
Last modified:
07/11/2023
Description
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cpanel:cpanel:11.18:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cpanel:cpanel:11.18.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cpanel:cpanel:11.18.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cpanel:cpanel:11.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cpanel:cpanel:11.22.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cpanel:cpanel:11.22.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://changelog.cpanel.net/?revision=0%3Btree%3D%3Btreeview%3D%3Bshow%3Dhtml%3Bpp%3D25%3Bte%3D1314%3Bpg%3D2
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html
- http://secunia.com/advisories/30166
- http://securityreason.com/securityalert/3866
- http://www.securityfocus.com/archive/1/491864/100/0/threaded
- http://www.securityfocus.com/bid/29125
- http://www.vupen.com/english/advisories/2008/1522/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42305