Vulnerabilities > CVE-2006-6548 - Cross-Site Scripting vulnerability in Cpanel Webhost Manager 3.1.0

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

cpanel

NVD

Published: 2006-12-14

Updated: 2018-10-17

Summary

Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.

Vulnerable Configurations

Part	Description	Count
Application	Cpanel Cpanel Webhost Manager 3.1.0	1

References

http://securityreason.com/securityalert/2027
http://www.aria-security.com/forum/showthread.php?t=44
http://www.securityfocus.com/archive/1/453885/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/30792