cPanel Security Advisory: CVE-2006-3337

Updated builds that resolve a cross-site scripting vulnerability are available.

Security Rating
This vulnerability is rated as trivial by the cPanel Security Team.

Input passed by certain query parameters to the files/select.html interface in the cPanel X theme is not properly sanitized before being displayed by a user’s browser. A carefully crafted URL can be used to execute HTML or JavaScript in the browser. If an attacker convinces an authenticated user to click on such a URL, it is possible to inject malicious code into the user’s browser session.

This issue is resolved in the following cPanel 10.8.2 builds: STABLE-77, RELEASE-76, CURRENT-69. EDGE users should update to 11.1-EDGE_4.
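
For reviewing access logs from servers that ran a build older than those listed above, the following added example (not part of the cPanel advisory and not cPanel code) flags requests to files/select.html whose query parameters decode to HTML markup. The log lines, the /frontend/x/ path prefix and the parameter names dir and file are constructed assumptions; the advisory does not name the affected parameters.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Interface named in the advisory; the path prefix in front of it is assumed.
TARGET_SUFFIX = "files/select.html"
# Markup indicators that should not appear in a file-selector parameter:
# tag brackets, quotes, javascript: URIs, inline event-handler attributes.
SUSPICIOUS = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.IGNORECASE)
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for flagged parameters on the target page."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(TARGET_SUFFIX):
        return []
    hits = []
    # parse_qsl decodes once; fully_decode catches additional encoding layers.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if SUSPICIOUS.search(decoded):
            hits.append((name, decoded))
    return hits

# Constructed sample lines; parameter names "dir" and "file" are hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - alice [01/Jul/2006:10:00:00 +0000] "GET /frontend/x/files/select.html?dir=/home/alice&file=index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - alice [01/Jul/2006:10:02:11 +0000] "GET /frontend/x/files/select.html?dir=/home/alice&file=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5180',
    '203.0.113.9 - alice [01/Jul/2006:10:02:40 +0000] "GET /frontend/x/files/select.html?dir=%253Ci%253Ex HTTP/1.1" 200 5001',
    '203.0.113.7 - bob [01/Jul/2006:10:03:00 +0000] "GET /frontend/x/index.html?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"flag param={name!r} value={value!r}")
```

A flagged request from an authenticated session is a lead for review, not proof of exploitation; file names containing quotes will also match.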