Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cpanel | Cpanel | 9.1.0_r85 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=108066561608676&w=2
- http://secunia.com/advisories/11244PatchVendor Advisory
- http://secunia.com/advisories/22984Vendor Advisory
- http://www.aria-security.com/forum/showthread.php?t=30
- http://www.cirt.net/advisories/cpanel_xss.shtmlPatchVendor Advisory
- http://www.osvdb.org/4208Vendor Advisory
- http://www.osvdb.org/4209Vendor Advisory
- http://www.osvdb.org/4210Vendor Advisory
- http://www.osvdb.org/4211
- http://www.osvdb.org/4212Vendor Advisory
- http://www.osvdb.org/4213Vendor Advisory
- http://www.osvdb.org/4214Vendor Advisory
- http://www.osvdb.org/4215Vendor Advisory
- http://www.osvdb.org/4243Vendor Advisory
- http://www.securityfocus.com/bid/10002Vendor Advisory
FAQ
What is CVE-2004-1875?
CVE-2004-1875 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter t...
How severe is CVE-2004-1875?
CVE-2004-1875 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1875?
Check the references section above for vendor advisories and patch information. Affected products include: Cpanel Cpanel.