Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cpanel | Cpanel | 5.0 | 5.0 |
Cpanel | Cpanel | 5.3 | 5.3 |
Cpanel | Cpanel | 6.0 | 6.0 |
Cpanel | Cpanel | 6.2 | 6.2 |
Cpanel | Cpanel | 6.4 | 6.4 |
Cpanel | Cpanel | 6.4.1 | 6.4.1 |
Cpanel | Cpanel | 6.4.2 | 6.4.2 |
Cpanel | Cpanel | 6.4.2_stable_48 | 6.4.2_stable_48 |