Vulnerabilities > CVE-2005-2021 - Unspecified vulnerability in Cpanel

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

cpanel

nessus

exploit available

NVD

Published: 2005-06-20

Updated: 2024-11-20

Summary

Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.

Vulnerable Configurations

Part	Description	Count
Application	Cpanel Cpanel Cpanel 9.0 Cpanel Cpanel 6.4 Cpanel Cpanel 5.3 Cpanel Cpanel 5.0 Cpanel Cpanel 6.0 Cpanel Cpanel 6.4.1 Cpanel Cpanel 6.4.2_Stable_48 Cpanel Cpanel 6.4.2 Cpanel Cpanel 8.0 Cpanel Cpanel 9.1 Cpanel Cpanel 6.2 Cpanel Cpanel 7.0	12

Exploit-Db

description	cPanel 9.1 User Parameter Cross-Site Scripting Vulnerability. CVE-2005-2021 . Webapps exploit for php platform
id	EDB-ID:25846
last seen	2016-02-03
modified	2005-05-20
published	2005-05-20
reporter	[email protected]
source	https://www.exploit-db.com/download/25846/
title	cPanel <= 9.1 User Parameter Cross-Site Scripting Vulnerability

Nessus

NASL family	CGI abuses : XSS
NASL id	CPANEL_LOGIN_USER_XSS.NASL
description	The remote host is running cPanel. The version of cPanel on the remote host suffers from a cross-site scripting vulnerability due to its failure to sanitize user-supplied input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	18540
published	2005-06-21
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18540
title	cPanel cpsrvd.pl user Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References