CVE-2007-0890

cPanel WebHost Manager 11.0.0 - Cross-Site Scripting via Password Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0890. PoCs published by s3rv3r_hack3r.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in cPanel 11.0.0 and prior versions. It includes a proof-of-concept URL demonstrating how an attacker could inject arbitrary script code via the 'password' parameter.

Description

Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by s3rv3r_hack3r · textwebappsphp
https://www.exploit-db.com/exploits/29572

The provided text describes a cross-site scripting (XSS) vulnerability in cPanel 11.0.0 and prior versions. It includes a proof-of-concept URL demonstrating how an attacker could inject arbitrary script code via the 'password' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: cPanel 11.0.0 and prior
No auth needed
Prerequisites: Access to the vulnerable cPanel URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Various Sources x_refsource_misc
http://changelog.cpanel.net/index.cgi
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/459585/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22474
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24106
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0568
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32044

Scores

EPSS 0.0176
EPSS Percentile 75.2%

Details

Status published
Products (24)
cpanel/webhost_manager 5.0
cpanel/webhost_manager 5.3
cpanel/webhost_manager 6.0
cpanel/webhost_manager 6.2
cpanel/webhost_manager 6.4
cpanel/webhost_manager 6.4.1
cpanel/webhost_manager 6.4.2
cpanel/webhost_manager 6.4.2_stable_48
cpanel/webhost_manager 7.0
cpanel/webhost_manager 8.0
... and 14 more
Published Feb 12, 2007
Tracked Since Feb 18, 2026