Summary
Updated builds that resolve a cross-site scripting (XSS) vulnerability are available.
Security Rating
This vulnerability is rated as trivial by the cPanel Security Team.
Description
Input passed in certain query parameters to the files/select.html interface in the cPanel X theme is not properly sanitized before it is displayed by a user’s browser. A carefully crafted URL can be used to execute HTML or JavaScript in the browser. If an attacker convinces an authenticated user to click on such a URL, it is possible to inject malicious code into the user’s browser session.
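As an added example (not part of the cPanel advisory), the following Python script reviews web access-log lines for requests to files/select.html whose query parameters decode to HTML markup, including double-encoded values. The log lines, the THEME_PATH placeholder and the parameter name example_param are constructed for illustration; the advisory does not name the affected parameters.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Interface named in the advisory. Only the path suffix is matched because
# the advisory does not give the full theme path.
TARGET_SUFFIX = "files/select.html"
# Characters that open a tag or break out of an attribute when reflected unencoded.
MARKUP = re.compile(r"[<>\"']")
# Request field of a common/combined-format access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for markup-bearing parameters sent to the target page."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(TARGET_SUFFIX):
        return []
    hits = []
    # parse_qsl removes one encoding layer; fully_decode removes any further ones.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if MARKUP.search(decoded):
            hits.append((name, decoded))
    return hits

# Constructed sample log lines (THEME_PATH and example_param are placeholders).
SAMPLE_LOG = [
    '203.0.113.5 - alice [01/Jul/2006:10:00:00 +0000] "GET /THEME_PATH/files/select.html?example_param=/home/alice HTTP/1.1" 200 512',
    '203.0.113.9 - alice [01/Jul/2006:10:01:00 +0000] "GET /THEME_PATH/files/select.html?example_param=%3Cb%3Emarker%3C/b%3E HTTP/1.1" 200 530',
    '203.0.113.9 - alice [01/Jul/2006:10:02:00 +0000] "GET /THEME_PATH/files/select.html?example_param=%253Cb%253E HTTP/1.1" 200 530',
    '203.0.113.9 - alice [01/Jul/2006:10:03:00 +0000] "GET /THEME_PATH/files/other.html?example_param=%3Cb%3E HTTP/1.1" 200 530',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        for name, value in suspicious_params(line):
            print(f"line {number}: parameter {name!r} decodes to markup: {value!r}")
```

A hit is a lead for review rather than proof of exploitation, since legitimate file names can contain quote characters.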
Solution
This issue is resolved in the following cPanel 10.8.2 builds: STABLE-77, RELEASE-76, CURRENT-69. EDGE users should update to 11.1-EDGE_4.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3337