Vulnerabilities > CVE-2004-1849 - Cross-Site Scripting vulnerability in Cpanel 9.1

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

cpanel

NVD

Published: 2004-03-24

Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.

Vulnerable Configurations

Part	Description	Count
Application	Cpanel Cpanel Cpanel 9.1	1

References

http://marc.info/?l=bugtraq&m=108006627005371&w=2
http://securitytracker.com/id?1009541
http://www.osvdb.org/4529
http://www.osvdb.org/4530
http://www.securityfocus.com/bid/9965
https://exchange.xforce.ibmcloud.com/vulnerabilities/15517