Description
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · text · webapps · php
https://www.exploit-db.com/exploits/29071
References (18)
Core References
Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4243
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108066561608676&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21142
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11244
Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4215
Patch, Vendor Advisory x_refsource_misc
http://www.cirt.net/advisories/cpanel_xss.shtml
Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4210
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15671
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22984
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4211
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4658
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10002
Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4212
Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4208
Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4213
Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4214
Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4209
Various Sources x_refsource_misc
http://www.aria-security.com/forum/showthread.php?t=30
Scores
EPSS
0.0892
EPSS Percentile
92.6%
Details
CWE
CWE-79
Status
published
Products (1)
cpanel/cpanel
9.1.0_r85
Published
Mar 30, 2004
Tracked Since
Feb 18, 2026