Freedom The Open Source Way Contribute Articles or News to OSForgeOSForge HomeLogout from Forums
Contacting OSForgeOSForge HomeAbout OSForge
  

Root
 Contribute News
 Learning Corner
 Linux Distributions
 Linux Common FAQ's
 Discussion Forums
Community Gallery
Links Directory
Search OSForge
Networking
 Industry Updates
 Linux & Open Source
 Opinions
 Press Release
 Programming
 Security
 Web Development
White Paper
DAKCS Software Systems Introduces Innovative Customer Training Program
Zarafa and ClearCenter Announce ClearOS Integration
Zarafa Brings Browser-Based Enterprise Collaboration Client to CeBIT
Zarafa Catalyses Software Development Collaboration by Launching git.zarafa.com
Zarafa and LPI Partner on Training and Certification Program
Likewise to Grow Seattle-Area Workforce
Likewise CTO: Unleash and Secure Unstructured Data
Likewise Names Leading Open Source Voice as CTO
Launched: Zarafa Collaboration Platform 7.0 and Zarafa Archiver

View More »

Multiple Cross-Site Scripting Vulnerabilities In cPanel
By : Accidutzu [www] Find more article by Accidutzu on Securit
Wednesday the 7th, April 2004 at 07:07 AM (EDT)
Send this Story to a Friend Readers TalkBack (0) - 2676 Reads

Printer Friendly Page Printable format
Send this Story to a Friend Foward to Email

cPanel suffers from an extensive amount of XSS vulnerabilities in almost every variable returned to the user's browser.

"The Cpanel and WebHost Manager package allows you two interfaces for web hosting control. The Cpanel interface is a client side interface, which allows your customers to easily control a web hosting account. With the touch of a button, they can add e-mail accounts, access their files, backup their files, setup a shopping cart, and more. The WebHost Manager Interface allows Web Hosting companies to control the accounts on their servers. Through WebHost Manager you can add/remove accounts on a server, park or point domains, control bandwidth, disk space, and more."

Many variables in cPanel are prone to XSS attacks and are not properly filtered. This could easily lead to code execution inside the victim's browser using the trust relationship between the browser and the server.

cPanel supports filtering of HTML and scripts in input variables but according to cPanel the feature was not enabled in order to support third-party themes.

A new version is available which is immune to the vulnerabilities.

Vulnerable Systems:

  • cPanel version 9.1.0-R85

    • Immune Systems:
  • cPanel 2004 EDGE release


    •   
    Reader Rating from 1-5

     

    Poor very 
    1
    2
    3
    4
    5     		 very Excellent

    Talkback

    Post Your Talkback | View All Talkback (0 Posted)

     Currently there are no Talkback posted on "Multiple Cross-Site Scripting Vulnerabilities In cPanel", Click here to be the first to post a talkback.

    		 
    Scroll Up

       About | Term of Use | Privacy | Contact us | Tell a Friend | Advertise  

    		 OSForge News RSS Feed