Vulnerabilities > CVE-2004-2308 - Unspecified vulnerability in Cpanel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cpanel
nessus
exploit available

Summary

Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.

Exploit-Db

descriptioncPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability. CVE-2004-2308. Webapps exploit for cgi platform
idEDB-ID:23806
last seen2016-02-02
modified2004-03-12
published2004-03-12
reporterFable
sourcehttps://www.exploit-db.com/download/23806/
titlecPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability

Nessus

NASL familyCGI abuses
NASL idCPANEL_LOGIN_CMD_EXEC.NASL
descriptionThe version of cPanel installed on the remote host is version 9.1.0 (or earlier) and thus reportedly affected by multiple issues: - The dohtaccess.html script fails to sanitize input supplied by a user and is affected by a cross-site scripting vulnerability. (CVE-2004-2308) - Both the Login Page and resetpass functionality fail to sanitize user input and can be manipulated to execute arbitrary commands (CVE-2004-1769 & CVE-2004-1770). For example, the following URL demonstrates the id command being executed: http://www.example.com:2082/login/?user=|
last seen2020-06-01
modified2020-06-02
plugin id12097
published2004-03-14
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/12097
titlecPanel <= 9.1.0 Multiple Vulnerabilities