A cross site scripting vulnerability has been discovered in our 11.24.x versions of cPanel that has been addressed and fixed in our 11.25.x series of the product.
This update has been rated as having a trivial security impact by the cPanel Security team.
The dofileop.html page in x3 for cPanel has been found to be vulnerable to a Cross Site Scripting vulnerablitly at the following URL:
The fileop variable in the dofileop.html was not being fully santized or validated correctly and invalid data could be injected into the URL.
cPanel users should upgrade to our 11.25.0+ series of WHM/cPanel which contain a fix for this issue.