CVE-2006-6198 - Cross-Site Scripting vulnerability in Cpanel Webhost Manager 3.1.0

CVSS 6.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, cpanel, exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.

Vulnerable Configurations

Part         Description  Count
Application  Cpanel       1

Exploit-Db

  • description: cPanel WebHost Manager 3.1 park ndomain Parameter XSS. CVE-2006-6198. Webapps exploit for php platform
    id: EDB-ID:29188
    last seen: 2016-02-03
    modified: 2006-11-25
    published: 2006-11-25
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29188/
    title: cPanel WebHost Manager 3.1 park ndomain Parameter XSS
  • description: cPanel WebHost Manager 3.1 domts2 domain Parameter XSS. CVE-2006-6198. Webapps exploit for php platform
    id: EDB-ID:29185
    last seen: 2016-02-03
    modified: 2006-11-25
    published: 2006-11-25
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29185/
    title: cPanel WebHost Manager 3.1 domts2 domain Parameter XSS
  • description: cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS. CVE-2006-6198. Webapps exploit for php platform
    id: EDB-ID:29182
    last seen: 2016-02-03
    modified: 2006-11-25
    published: 2006-11-25
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29182/
    title: cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS
  • description: cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS. CVE-2006-6198. Webapps exploit for php platform
    id: EDB-ID:29183
    last seen: 2016-02-03
    modified: 2006-11-25
    published: 2006-11-25
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29183/
    title: cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS
  • description: cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS. CVE-2006-6198. Webapps exploit for php platform
    id: EDB-ID:29187
    last seen: 2016-02-03
    modified: 2006-11-25
    published: 2006-11-25
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29187/
    title: cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS
  • description: cPanel WebHost Manager 3.1 editzone domain Parameter XSS. CVE-2006-6198. Webapps exploit for php platform
    id: EDB-ID:29186
    last seen: 2016-02-03
    modified: 2006-11-25
    published: 2006-11-25
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29186/
    title: cPanel WebHost Manager 3.1 editzone domain Parameter XSS
  • description: cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS. CVE-2006-6198. Webapps exploit for php platform
    id: EDB-ID:29184
    last seen: 2016-02-03
    modified: 2006-11-25
    published: 2006-11-25
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29184/
    title: cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS