Self-XSS Vulnerability in EasyApache 4 Save Profile.
cPanel has assigned this vulnerability a CVSSv3.1 score of 1.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
When attempting to save an EasyApache profile with the same name as an existing profile, the resultant error message was not adequately encoded. This would allow an attacker to inject arbitrary code onto the rendered page.
This issue was discovered by the cPanel Security Team.
This issue is resolved in the following builds:
For information on cPanel & WHM Versions and the Release Process, read our documentation at: https://go.cpanel.net/versionformat
For the PGP-Signed message please download the following: