CVE-2007-4022

cPanel 10.9.1 - Cross-Site Scripting via resname Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4022. PoCs published by Aria-Security Team.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in cPanel 10.9.1, where user-supplied input is not properly sanitized. The exploit involves crafting a malicious URL to execute arbitrary script code in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aria-Security Team · textwebappsphp

https://www.exploit-db.com/exploits/30380

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in cPanel 10.9.1, where user-supplied input is not properly sanitized. The exploit involves crafting a malicious URL to execute arbitrary script code in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: cPanel 10.9.1

No auth needed

Prerequisites: Access to the target cPanel instance · Victim interaction to click the malicious URL

MITRE ATT&CK