Description
Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by s3rv3r_hack3r · textwebappsphp
https://www.exploit-db.com/exploits/29572
References (6)
Core 6
Core References
Various Sources x_refsource_misc
http://changelog.cpanel.net/index.cgi
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/459585/100/0/threaded
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22474
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24106
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0568
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/32044
Scores
EPSS
0.0566
EPSS Percentile
90.4%
Details
Status
published
Products (24)
cpanel/webhost_manager
5.0
cpanel/webhost_manager
5.3
cpanel/webhost_manager
6.0
cpanel/webhost_manager
6.2
cpanel/webhost_manager
6.4
cpanel/webhost_manager
6.4.1
cpanel/webhost_manager
6.4.2
cpanel/webhost_manager
6.4.2_stable_48
cpanel/webhost_manager
7.0
cpanel/webhost_manager
8.0
... and 14 more
Published
Feb 12, 2007
Tracked Since
Feb 18, 2026