CVE-2008-2070
published 2008-05-12CVE-2008-2070: The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script…
PriorityP422medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.18%
80.1th percentile
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
cPanel 11.x - '/scripts2/listaccts?search' Cross-Site Scripting
exploitdb·2008-05-09
CVE-2008-2070 cPanel 11.x - '/scripts2/listaccts?search' Cross-Site Scripting
cPanel 11.x - '/scripts2/listaccts?search' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/29125/info
cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/scripts2/listaccts?searchtype=domain&search=[INJECTION]&acctp=30
Exploit-DB
cPanel 11.x - '/scripts2/changeip?user' Cross-Site Scripting
exploitdb·2008-05-09
CVE-2008-2070 cPanel 11.x - '/scripts2/changeip?user' Cross-Site Scripting
cPanel 11.x - '/scripts2/changeip?user' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/29125/info
cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/scripts2/changeip?domain=any&user=[INJECTION]
Exploit-DB
cPanel 11.x - '/scripts2/knowlegebase?issue' Cross-Site Scripting
exploitdb·2008-05-09
CVE-2008-2070 cPanel 11.x - '/scripts2/knowlegebase?issue' Cross-Site Scripting
cPanel 11.x - '/scripts2/knowlegebase?issue' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/29125/info
cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/scripts2/knowlegebase?issue=[INJECTION]&domain=
http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.htmlhttp://secunia.com/advisories/30166http://securityreason.com/securityalert/3866http://www.securityfocus.com/archive/1/491864/100/0/threadedhttp://www.securityfocus.com/bid/29125http://www.vupen.com/english/advisories/2008/1522/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/42305http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.htmlhttp://secunia.com/advisories/30166http://securityreason.com/securityalert/3866http://www.securityfocus.com/archive/1/491864/100/0/threadedhttp://www.securityfocus.com/bid/29125http://www.vupen.com/english/advisories/2008/1522/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/42305
2008-05-12
Published