Newsroom

cPanel Security Advisory: CVE 2006-5883

Summary
Updated builds that resolve a Cross Site Scripting vulnerability are available

Security Rating
This vulnerability is rated as trivial by the cPanel Security Team

Description
Input passed by certain query parameters to the files/select.html interface in the cPanel X theme are not properly sanitized before display by a user’s browser. A carefully crafted URL can be used to execute HTML or Javascript in the browser. If an attacker convinces an authenticated user to click on such a URL it is possible to inject malicious code in the user’s browser session.

Solution
This issue is resolved in the following cPanel 10.8.2 builds: STABLE-77, RELEASE-76, CURRENT-69. EDGE users should update to 11.1-EDGE_4.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3337