CVE-2006-6198
cPanel WebHost Manager 3.1.0 - Authenticated Cross-Site Scripting via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 7 public exploits for CVE-2006-6198. PoCs published by Aria-Security Team.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in WebHost Manager version 3.1.0, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the browser context of an unsuspecting user.
Description
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.
Exploits (7)
The provided text describes a cross-site scripting (XSS) vulnerability in WebHost Manager version 3.1.0, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the browser context of an unsuspecting user.
The provided text describes a cross-site scripting (XSS) vulnerability in WebHost Manager version 3.1.0, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the browser context of an unsuspecting user.
The provided text describes a cross-site scripting (XSS) vulnerability in WebHost Manager version 3.1.0, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the browser context of an unsuspecting user.
The provided text describes a cross-site scripting (XSS) vulnerability in WebHost Manager version 3.1.0, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected site.
The provided text describes a cross-site scripting (XSS) vulnerability in WebHost Manager version 3.1.0, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code.
The provided text describes a cross-site scripting (XSS) vulnerability in WebHost Manager version 3.1.0, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code.
The provided text describes a cross-site scripting (XSS) vulnerability in WebHost Manager version 3.1.0, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'supporturl' parameter.