CVE-2006-4293

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21592	Exploit Vendor Advisory
http://www.securityfocus.com/bid/19624
http://www.osvdb.org/28041
http://www.osvdb.org/28042
http://www.osvdb.org/28043
http://securityreason.com/securityalert/1442
https://exchange.xforce.ibmcloud.com/vulnerabilities/28447
http://www.securityfocus.com/archive/1/443637/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*

Information

Published : 2006-08-22 10:04

Updated : 2018-10-17 14:34

NVD link : CVE-2006-4293

Mitre link : CVE-2006-4293

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cpanel

cpanel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/21592", "name": "21592", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/19624", "name": "19624", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/28041", "name": "28041", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/28042", "name": "28042", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/28043", "name": "28043", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/1442", "name": "1442", "tags": [], "refsource": "SREASON"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28447", "name": "cpanel-dohtaccess-xss(28447)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/443637/100/0/threaded", "name": "20060816 Multiple xxs cPanel 10", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4293", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-08-22T17:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:34Z"}

4.3 /10