Description
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ory Segal · text · webapps · php
https://www.exploit-db.com/exploits/22874
References (1)
Core 1
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105760556627616&w=2
Scores
EPSS
0.0094
EPSS Percentile
76.4%
Details
Status
published
Products (8)
cpanel/cpanel 5.0
cpanel/cpanel 5.3
cpanel/cpanel 6.0
cpanel/cpanel 6.2
cpanel/cpanel 6.4
cpanel/cpanel 6.4.1
cpanel/cpanel 6.4.2
cpanel/cpanel 6.4.2_stable_48
Published
Aug 18, 2003
Tracked Since
Feb 18, 2026