CVE-2006-5883

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://aria-security.net/advisory/cpanel.txt	Exploit Vendor Advisory
http://secunia.com/advisories/22825
http://securityreason.com/securityalert/1847
http://www.osvdb.org/30386
http://www.osvdb.org/30387
http://www.securityfocus.com/archive/1/451374/100/0/threaded
http://www.securityfocus.com/bid/21027	Exploit
http://www.vupen.com/english/advisories/2006/4500

Configurations

Configuration 1 (hide)

cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-11-14 19:07

Updated : 2024-02-28 11:01

NVD link : CVE-2006-5883

Mitre link : CVE-2006-5883

CVE.ORG link : CVE-2006-5883

JSON object : View

Products Affected

cpanel

cpanel

CWE

NVD-CWE-Other

{"id": "CVE-2006-5883", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-14T19:07:00.000", "references": [{"url": "http://aria-security.net/advisory/cpanel.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22825", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1847", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/30386", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/30387", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/451374/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21027", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4500", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel 10 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el (1) par\u00e1metro dir en (a) seldir.html, y los par\u00e1metros (2) user y (3) dir en (b) newuser.html."}], "lastModified": "2018-10-17T21:45:45.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0F23C1C-4F4E-4BFA-8FF2-51BF76EAE0C1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}