Vulnerabilities > CVE-2003-0521 - Cross-Site Scripting vulnerability in cPanel

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
cpanel
exploit available
NVD
Published: 2003-08-18
Updated: 2016-10-18

Summary

Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens. This vulnerability is addressed in the following product release: cPanel, cPanel, 7.0

Vulnerable Configurations

Part Description Count
Application
Cpanel
8

Exploit-Db

descriptionCPanel 5.0/5.3/6.x Admin Interface HTML Injection Vulnerability. CVE-2003-0521. Webapps exploit for php platform
idEDB-ID:22874
last seen2016-02-02
modified2003-07-07
published2003-07-07
reporterOry Segal
sourcehttps://www.exploit-db.com/download/22874/
titleCPanel 5.0/5.3/6.x Admin Interface HTML Injection Vulnerability

References