CVE-2003-0521
CPanel 5.0/5.3/6.x - Admin Interface HTML Injection
Severity Score
5.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
Vulnerabilidad de secuenicias de comandos en sitios cruzados (XSS) en cPanel 6.4.2 permite a atacantes remotos insertar HTML arbitrario y posiblemente ganar privilegios de adminstrador de cPanel mediante código en una URL que es registrada pero no entrecomillada adecuadamente cuando se visualiza mediante el Registro de Errores o la pantalla de Últimos Visitantes.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2003-07-07 First Exploit
- 2003-07-08 CVE Reserved
- 2003-07-10 CVE Published
- 2024-08-08 CVE Updated
- 2024-11-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=105760556627616&w=2 | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/22874 | 2003-07-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cpanel Search vendor "Cpanel" | Cpanel Search vendor "Cpanel" for product "Cpanel" | 5.0 Search vendor "Cpanel" for product "Cpanel" and version "5.0" | - |
Affected
| ||||||
| Cpanel Search vendor "Cpanel" | Cpanel Search vendor "Cpanel" for product "Cpanel" | 5.3 Search vendor "Cpanel" for product "Cpanel" and version "5.3" | - |
Affected
| ||||||
| Cpanel Search vendor "Cpanel" | Cpanel Search vendor "Cpanel" for product "Cpanel" | 6.0 Search vendor "Cpanel" for product "Cpanel" and version "6.0" | - |
Affected
| ||||||
| Cpanel Search vendor "Cpanel" | Cpanel Search vendor "Cpanel" for product "Cpanel" | 6.2 Search vendor "Cpanel" for product "Cpanel" and version "6.2" | - |
Affected
| ||||||
| Cpanel Search vendor "Cpanel" | Cpanel Search vendor "Cpanel" for product "Cpanel" | 6.4 Search vendor "Cpanel" for product "Cpanel" and version "6.4" | - |
Affected
| ||||||
| Cpanel Search vendor "Cpanel" | Cpanel Search vendor "Cpanel" for product "Cpanel" | 6.4.1 Search vendor "Cpanel" for product "Cpanel" and version "6.4.1" | - |
Affected
| ||||||
| Cpanel Search vendor "Cpanel" | Cpanel Search vendor "Cpanel" for product "Cpanel" | 6.4.2 Search vendor "Cpanel" for product "Cpanel" and version "6.4.2" | - |
Affected
| ||||||
| Cpanel Search vendor "Cpanel" | Cpanel Search vendor "Cpanel" for product "Cpanel" | 6.4.2_stable_48 Search vendor "Cpanel" for product "Cpanel" and version "6.4.2_stable_48" | - |
Affected
| ||||||