CVE-2008-2070
cPanel 11.15.0-11.18.3 and 11.22-11.22.2 - Cross-Site Scripting via Malformed HTML Tags
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2008-2070. PoCs published by Matteo Carli.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in cPanel due to improper input sanitization. It includes a sample URL demonstrating the injection point but lacks executable exploit code.
Description
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
Exploits (3)
The provided text describes a cross-site scripting (XSS) vulnerability in cPanel due to improper input sanitization. It includes a sample URL demonstrating the injection point but lacks executable exploit code.
This is a writeup describing a cross-site scripting (XSS) vulnerability in cPanel. It provides a URL example demonstrating the vulnerability but does not include executable exploit code.
The provided text describes a cross-site scripting (XSS) vulnerability in cPanel due to improper input sanitization. It includes a sample URL demonstrating the injection point but lacks executable exploit code.