Summary
Self-XSS Vulnerability in EasyApache 4 Save Profile.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 1.8 (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N).
Description
When attempting to save an EasyApache profile with the same name as an existing profile, the resultant error message was not adequately encoded. This would allow an attacker to inject arbitrary code onto the rendered page.
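The encoding failure described above, shown as an added illustration that is not cPanel or EasyApache code: the function names, the message wording and the name policy are all assumptions. It contrasts an error message built by concatenating the profile name with one that HTML-encodes the name first.

```javascript
// Added example; every name below is hypothetical, not taken from cPanel/EasyApache.

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: the user-supplied profile name is concatenated into markup as-is,
// so any markup in the name becomes part of the rendered page.
function duplicateProfileErrorUnencoded(name) {
  return '<div class="error">A profile named "' + name + '" already exists.</div>';
}

// After: the name is encoded at the point it is written into the page.
function duplicateProfileError(name) {
  return '<div class="error">A profile named "' + escapeHtml(name) + '" already exists.</div>';
}

// Defence in depth (assumed policy): accept only plain names when saving.
function isPlainProfileName(name) {
  return /^[A-Za-z0-9 _.-]{1,64}$/.test(name);
}

// Constructed sample inputs: one ordinary name, one carrying markup characters.
const samples = ["my-php-profile", '<b>prod</b> & "co"'];
for (const name of samples) {
  console.log("name:      ", name);
  console.log("plain name:", isPlainProfileName(name));
  console.log("unencoded: ", duplicateProfileErrorUnencoded(name));
  console.log("encoded:   ", duplicateProfileError(name));
}
```

Encoding at output is the actual fix for this class of bug; the name check only narrows what can reach the message in the first place.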
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.94.0.3
11.92.0.12
11.86.0.37
For information on cPanel & WHM Versions and the Release Process, read our documentation at: https://go.cpanel.net/versionformat
For the PGP-Signed message please download the following: