Description
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
Exploits (1)
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37826
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/10519
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3608
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37394
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/61231
Various Sources x_refsource_confirm
http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html
Scores
EPSS
0.0236
EPSS Percentile
85.0%
Details
CWE
CWE-79
Status
published
Products (16)
cpanel/cpanel
11.0
cpanel/cpanel
11.4.19
cpanel/cpanel
11.16
cpanel/cpanel
11.18
cpanel/cpanel
11.18.1
cpanel/cpanel
11.18.2
cpanel/cpanel
11.18.3
cpanel/cpanel
11.18.4
cpanel/cpanel
11.19.3
cpanel/cpanel
11.21 (2 CPE variants)
... and 6 more
Published
Apr 27, 2010
Tracked Since
Feb 18, 2026