cPanel TSR 2021-0002 Full Disclosure

SEC-581

Summary

Self-XSS Vulnerability in EasyApache 4 Save Profile.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 1.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

Description

When attempting to save an EasyApache profile with the same name as an existing profile, the resultant error message was not adequately encoded. This would allow an attacker to inject arbitrary code onto the rendered page.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:

11.94.0.3
11.92.0.12
11.86.0.37
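
The following is an added example, not part of cPanel's advisory or cPanel's own code: a check that compares a cPanel & WHM version string against the fixed builds listed under Solution. The function names, status labels and sample inventory are assumptions made for illustration; branches the advisory does not list are reported as "not-listed" rather than guessed at.

```python
import re

# Fixed builds from the advisory's Solution section, keyed by release branch
# (assumption: a branch is identified by the first two version components).
FIXED_BUILDS = {
    (11, 94): (11, 94, 0, 3),
    (11, 92): (11, 92, 0, 12),
    (11, 86): (11, 86, 0, 37),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d'; raise ValueError otherwise."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(part) for part in match.groups())


def sec581_status(text):
    """Classify a version string for SEC-581.

    'fixed'        : at or above the fixed build for its branch
    'needs-update' : on a listed branch but below the fixed build
    'not-listed'   : the advisory names no fixed build for this branch
    """
    version = parse_version(text)
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is None:
        return "not-listed"
    # Tuple comparison is numeric per component, so build 9 sorts below 12.
    return "fixed" if version >= fixed else "needs-update"


def audit(inventory):
    """Map each host in a {host: version} dict to its SEC-581 status."""
    return {host: sec581_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; host names and versions are sample values.
    sample = {"web01": "11.94.0.3", "web02": "11.92.0.9", "web03": "11.90.0.5"}
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {sample[host]} -> {status}")
```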