CPanel 5.0/5.3/6.x - Admin Interface HTML Injection
| EKU-ID: 28345 | CVE: CVE-2003-0521;OSVDB-2277 | OSVDB-ID: |
| Author: Ory Segal | Published: 2003-07-07 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28345 | CVE: CVE-2003-0521;OSVDB-2277 | OSVDB-ID: |
| Author: Ory Segal | Published: 2003-07-07 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attacks to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrative user, the injected code could be rendered in their browser in the context of the site hosting cPanel. GET /<script>alert(document.cookie);</script> HTTP/1.0 Host: www.example.com