CVE-2004-2308

cPanel 9.1.0 - Cross-Site Scripting via dir Parameter in dohtaccess.html

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2308. PoCs published by Fable.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in cPanel's 'dohtaccess.html' page due to insufficient sanitization of the 'dir' parameter. An attacker can inject arbitrary HTML or script code, potentially stealing cookie-based authentication credentials.

Description

Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Fable · textwebappscgi
https://www.exploit-db.com/exploits/23806

The provided text describes a cross-site scripting (XSS) vulnerability in cPanel's 'dohtaccess.html' page due to insufficient sanitization of the 'dir' parameter. An attacker can inject arbitrary HTML or script code, potentially stealing cookie-based authentication credentials.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: cPanel (version not specified)
Auth required
Prerequisites: Victim must be authenticated with valid credentials · Attacker must craft a malicious URL with the 'dir' parameter
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15485
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/357231
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9853

Scores

EPSS 0.0172
EPSS Percentile 74.7%

Details

Status published
Products (12)
cpanel/cpanel 5.0
cpanel/cpanel 5.3
cpanel/cpanel 6.0
cpanel/cpanel 6.2
cpanel/cpanel 6.4
cpanel/cpanel 6.4.1
cpanel/cpanel 6.4.2
cpanel/cpanel 6.4.2_stable_48
cpanel/cpanel 7.0
cpanel/cpanel 8.0
... and 2 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026