CVE-2006-4293 - Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject ar

CVE-2006-4293

Summary

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.

References

http://secunia.com/advisories/21592
http://securityreason.com/securityalert/1442
http://www.osvdb.org/28041
http://www.osvdb.org/28042
http://www.osvdb.org/28043
http://www.securityfocus.com/archive/1/443637/100/0/threaded
http://www.securityfocus.com/bid/19624
https://exchange.xforce.ibmcloud.com/vulnerabilities/28447

Vulnerable Configurations

cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*
cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 17-10-2018 - 21:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	19624
bugtraq	20060816 Multiple xxs cPanel 10
osvdb	28041 28042 28043
secunia	21592
sreason	1442
xf	cpanel-dohtaccess-xss(28447)

Last major update

17-10-2018 - 21:34

Published

22-08-2006 - 17:04

Last modified

17-10-2018 - 21:34