Vulnerabilities > CVE-2005-2021 - Cross-Site Scripting vulnerability in cPanel User Parameter

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

cpanel

nessus

exploit available

NVD

Published: 2005-06-20

Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.

Vulnerable Configurations

Part	Description	Count
Application	Cpanel Cpanel Cpanel 5.0 Cpanel Cpanel 5.3 Cpanel Cpanel 6.0 Cpanel Cpanel 6.2 Cpanel Cpanel 6.4 Cpanel Cpanel 6.4.1 Cpanel Cpanel 6.4.2 Cpanel Cpanel 6.4.2_Stable_48 Cpanel Cpanel 7.0 Cpanel Cpanel 8.0 Cpanel Cpanel 9.0 Cpanel Cpanel 9.1	12

Exploit-Db

description	cPanel 9.1 User Parameter Cross-Site Scripting Vulnerability. CVE-2005-2021 . Webapps exploit for php platform
id	EDB-ID:25846
last seen	2016-02-03
modified	2005-05-20
published	2005-05-20
reporter	[email protected]
source	https://www.exploit-db.com/download/25846/
title	cPanel <= 9.1 User Parameter Cross-Site Scripting Vulnerability

Nessus

NASL family	CGI abuses : XSS
NASL id	CPANEL_LOGIN_USER_XSS.NASL
description	The remote host is running cPanel. The version of cPanel on the remote host suffers from a cross-site scripting vulnerability due to its failure to sanitize user-supplied input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	18540
published	2005-06-21
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18540
title	cPanel cpsrvd.pl user Parameter XSS

References

http://www.securityfocus.com/bid/13996