1. CVE-Search
  2. CVE-2007-0890
ID CVE-2007-0890
Summary Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:cpanel:webhost_manager:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:5.3:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:6.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:6.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:6.4.2_stable_48:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:6.4.2_stable_48:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:9.1.0_r85:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:9.1.0_r85:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:9.4.1_r64:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:9.4.1_r64:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:9.9.1_r3:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:9.9.1_r3:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:10.2.0_r82:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:10.2.0_r82:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:10.6.0_r137:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:10.6.0_r137:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:10.8.1_113:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:10.8.1_113:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:10.8.1_build84:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:10.8.1_build84:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:10.8.2_118:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:10.8.2_118:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:10.9:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:10.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:11:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:11:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:webhost_manager:11_beta:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:webhost_manager:11_beta:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 16-10-2018 - 16:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 22474
bugtraq 20070208 local bug :[xxs] in whm
misc http://changelog.cpanel.net/index.cgi
osvdb 32044
secunia 24106
vupen ADV-2007-0568
Last major update 16-10-2018 - 16:35
Published 12-02-2007 - 23:28
Last modified 16-10-2018 - 16:35
Back to Top