
cPanel Security Advisory: Entropychat Script Insertion Vulnerability

Summary
Updated builds of cPanel 10.8.1-EDGE_55 and 10.8.1-CURRENT_69 are available for users to resolve the Entropychat Script Insertion vulnerability.

Security Rating
This update has been given an Important level rating by the cPanel Security team.

Description
Input passed to the chat message field in the pre-installed Entropy Chat script isn’t properly sanitised before being used. This can be exploited to inject arbitrary script code, which will be executed in a user’s browser session in the context of an affected site when the malicious user data is viewed with the Microsoft Internet Explorer browser.

Solution
cPanel users should update to 10.8.1 build 55 or higher, which contains a fix for this issue.

References
Discovered by: Andreas Sandblad, Secunia Research
http://secunia.com/advisories/16609/