Vulnerabilities > CVE-2006-5535 - Cross-Site Scripting vulnerability in Cpanel 10.9.0R50

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
cpanel
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. This vulnerability is addressed in the following product release: cPanel, cPanel, 10.9.0-R56

Vulnerable Configurations

Part Description Count
Application
Cpanel
1

Exploit-Db

  • descriptioncPanel 10.9 dosetmytheme theme Parameter XSS. CVE-2006-5535. Webapps exploit for php platform
    idEDB-ID:28843
    last seen2016-02-03
    modified2006-10-23
    published2006-10-23
    reporterCrackers_Child
    sourcehttps://www.exploit-db.com/download/28843/
    titlecPanel 10.9 - DoSetmytheme theme Parameter XSS
  • descriptioncPanel 10.9 editzonetemplate template Parameter XSS. CVE-2006-5535. Webapps exploit for php platform
    idEDB-ID:28844
    last seen2016-02-03
    modified2006-10-23
    published2006-10-23
    reporterCrackers_Child
    sourcehttps://www.exploit-db.com/download/28844/
    titlecPanel 10.9 editzonetemplate template Parameter XSS