Vulnerabilities > CVE-2006-5883 - Cross-Site Scripting vulnerability in Cpanel 10
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description cPanel 10 seldir.html dir Parameter XSS. CVE-2006-5883. Webapps exploit for php platform id EDB-ID:28982 last seen 2016-02-03 modified 2006-11-13 published 2006-11-13 reporter Aria-Security Team source https://www.exploit-db.com/download/28982/ title cPanel 10 seldir.html dir Parameter XSS description cPanel 10 newuser.html Multiple Parameter XSS. CVE-2006-5883. Webapps exploit for php platform id EDB-ID:28983 last seen 2016-02-03 modified 2006-11-13 published 2006-11-13 reporter Aria-Security Team source https://www.exploit-db.com/download/28983/ title cPanel 10 newuser.html Multiple Parameter XSS
References
- http://aria-security.net/advisory/cpanel.txt
- http://secunia.com/advisories/22825
- http://securityreason.com/securityalert/1847
- http://www.osvdb.org/30386
- http://www.osvdb.org/30387
- http://www.securityfocus.com/archive/1/451374/100/0/threaded
- http://www.securityfocus.com/bid/21027
- http://www.vupen.com/english/advisories/2006/4500