Vulnerabilities > CVE-2006-4293 - Cross-Site Scripting vulnerability in Cpanel 10
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description cPanel 10.x dohtaccess.html dir Parameter XSS. CVE-2006-4293. Webapps exploit for php platform id EDB-ID:28413 last seen 2016-02-03 modified 2006-08-21 published 2006-08-21 reporter preth00nker source https://www.exploit-db.com/download/28413/ title cPanel 10.x dohtaccess.html dir Parameter XSS description cPanel 10.x showfile.html file Parameter XSS. CVE-2006-4293 . Webapps exploit for php platform id EDB-ID:28415 last seen 2016-02-03 modified 2006-08-21 published 2006-08-21 reporter preth00nker source https://www.exploit-db.com/download/28415/ title cPanel 10.x showfile.html file Parameter XSS description cPanel 10.x editit.html file Parameter XSS. CVE-2006-4293. Webapps exploit for php platform id EDB-ID:28414 last seen 2016-02-03 modified 2006-08-21 published 2006-08-21 reporter preth00nker source https://www.exploit-db.com/download/28414/ title cPanel 10.x editit.html file Parameter XSS
References
- http://secunia.com/advisories/21592
- http://securityreason.com/securityalert/1442
- http://www.osvdb.org/28041
- http://www.osvdb.org/28042
- http://www.osvdb.org/28043
- http://www.securityfocus.com/archive/1/443637/100/0/threaded
- http://www.securityfocus.com/bid/19624
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28447