header-logo
Suggest Exploit
vendor:
cPanel
by:
SecurityFocus
4.3
CVSS
MEDIUM
HTML Injection
79
CWE
Product Name: cPanel
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

cPanel HTML Injection Vulnerability

cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrative user, the injected code could be rendered in their browser in the context of the site hosting cPanel.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8119/info

cPanel is prone to an HTML injection vulnerability. It is possible for remote attacks to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrative user, the injected code could be rendered in their browser in the context of the site hosting cPanel.

GET /<script>alert(document.cookie);</script> HTTP/1.0
Host: www.example.com

Navigation

Suggest Exploit

Services By CQR