CVE-2006-6198

EPSS 1.7%

Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.

Affected products

n/a · n/a

public PoCs found — 7

exploitdbwww.exploit-db.com/exploits/29183unverified exploitdbwww.exploit-db.com/exploits/29182unverified exploitdbwww.exploit-db.com/exploits/29187unverified exploitdbwww.exploit-db.com/exploits/29185unverified exploitdbwww.exploit-db.com/exploits/29184unverified exploitdbwww.exploit-db.com/exploits/29186unverified exploitdbwww.exploit-db.com/exploits/29188unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securityreason.com/securityalert/1938 https://exchange.xforce.ibmcloud.com/vulnerabilities/30507 http://www.aria-security.com/forum/showthread.php?t=44 http://www.securityfocus.com/archive/1/452618/100/0/threaded http://www.securityfocus.com/bid/21288