WHM/cPanel is prone to cross-site scripting
vulnerabilities because it fails to properly sanitize users inputs and
datastore files.
Due to the nature of this security flaw, I will not be posting a Proof of Concept until much later.
Type: XSS
Product: cPanel
Website: http://www.cpanel.net
Vulnerable Version: WHM 11.40 and prior.
Date: 11/11/2013
By: Prajith P <http://prajith.in>
Vendor Contact Timeline:
2013-111-11: 3:37 AM IST – Vendor contacted via email.
2013-111-11: 7:44 AM IST - Vendor confirmed vulnerability. and filed security report(case number 82701).
Due to the nature of this security flaw, I will not be posting a Proof of Concept until much later.
Type: XSS
Product: cPanel
Website: http://www.cpanel.net
Vulnerable Version: WHM 11.40 and prior.
Date: 11/11/2013
By: Prajith P <http://prajith.in>
Vendor Contact Timeline:
2013-111-11: 3:37 AM IST – Vendor contacted via email.
2013-111-11: 7:44 AM IST - Vendor confirmed vulnerability. and filed security report(case number 82701).
No comments:
Post a Comment