CVE-2006-5883

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://aria-security.net/advisory/cpanel.txt	Exploit Vendor Advisory
http://www.securityfocus.com/bid/21027	Exploit
http://www.osvdb.org/30386
http://www.osvdb.org/30387
http://secunia.com/advisories/22825
http://securityreason.com/securityalert/1847
http://www.vupen.com/english/advisories/2006/4500
http://www.securityfocus.com/archive/1/451374/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*

Information

Published : 2006-11-14 11:07

Updated : 2018-10-17 14:45

NVD link : CVE-2006-5883

Mitre link : CVE-2006-5883

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cpanel

cpanel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://aria-security.net/advisory/cpanel.txt", "name": "http://aria-security.net/advisory/cpanel.txt", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/21027", "name": "21027", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.osvdb.org/30386", "name": "30386", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/30387", "name": "30387", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/22825", "name": "22825", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/1847", "name": "1847", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/4500", "name": "ADV-2006-4500", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/451374/100/0/threaded", "name": "20061112 CPanel Multiple Cross Site Scription", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5883", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-11-14T19:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:45Z"}

3.5 /10