CVE-2017-11441

MEDIUM

Cpanel Whm < 56.0.50 - XSS

Title source: rule

Description

The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.

References (1)

[Vendor Advisory] https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/

Scores

CVSS v3 5.4

EPSS 0.0029

EPSS Percentile 52.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (50)

cpanel/whm < 56.0.50

cpanel/whm

... and 40 more

Published Jul 19, 2017

Tracked Since Feb 18, 2026