Vulnerabilities > CVE-2004-2308 - Unspecified vulnerability in Cpanel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 |
Exploit-Db
description | cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability. CVE-2004-2308. Webapps exploit for cgi platform |
id | EDB-ID:23806 |
last seen | 2016-02-02 |
modified | 2004-03-12 |
published | 2004-03-12 |
reporter | Fable |
source | https://www.exploit-db.com/download/23806/ |
title | cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | CPANEL_LOGIN_CMD_EXEC.NASL |
description | The version of cPanel installed on the remote host is version 9.1.0 (or earlier) and thus reportedly affected by multiple issues: - The dohtaccess.html script fails to sanitize input supplied by a user and is affected by a cross-site scripting vulnerability. (CVE-2004-2308) - Both the Login Page and resetpass functionality fail to sanitize user input and can be manipulated to execute arbitrary commands (CVE-2004-1769 & CVE-2004-1770). For example, the following URL demonstrates the id command being executed: http://www.example.com:2082/login/?user=| |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12097 |
published | 2004-03-14 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12097 |
title | cPanel <= 9.1.0 Multiple Vulnerabilities |