CVE-2004-2308
cPanel 9.1.0 - Cross-Site Scripting via dir Parameter in dohtaccess.html
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-2308. PoCs published by Fable.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in cPanel's 'dohtaccess.html' page due to insufficient sanitization of the 'dir' parameter. An attacker can inject arbitrary HTML or script code, potentially stealing cookie-based authentication credentials.
Description
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
Exploits (1)
The provided text describes a cross-site scripting (XSS) vulnerability in cPanel's 'dohtaccess.html' page due to insufficient sanitization of the 'dir' parameter. An attacker can inject arbitrary HTML or script code, potentially stealing cookie-based authentication credentials.