Summary
Updated builds that resolve a Cross Site Scripting vulnerability are available
Security Rating
This vulnerability is rated as trivial by the cPanel Security Team
Description
The /frontend/x/htaccess/changepro.html is used by the cPanel X theme to display status of applying password protection to web-accessible directories. The “resname” query variable is not properly sanitized allowing an attacker to inject malicious HTML and Javascript. As only authenticated users are vulnerable to this attack the threat is trivial.
Solution
cPanel users should update to 11.10.0 build 16458 or higher, which contains a fix for this issue.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4022