nightlysunlight (nightlysunlight) wrote in webhosting,
nightlysunlight
nightlysunlight
webhosting

cPanel Multiple Cross Site Scripting Vulnerability

Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks

Severity: Medium/High

Details:
cPanel (control panel) is a graphical web-based management tool, designed
to make administration of web sites as easy as possible. cPanel handles
all aspects of website administration in an easy-to-use interface.
The software, which is proprietary, runs on a number of popular RPM-based
Linux distributions, such as SuSE, Fedora, Mandriva, CentOS, Red Hat
Enterprise Linux, and cAos, as well as FreeBSD. cPanel is commonly
accessed on ports 2082 and 2083 (for a SSL version). Authentication is
either via HTTP or web page login. cPanel is prone to cross-site scripting
attacks. This problem is due to a failure in the application to properly
sanitize user-supplied input

http://seclists.org/lists/bugtraq/2006/Feb/0050.html
  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

  • 0 comments