cPanel Security Advisory: CVE 2007-4022

Updated builds that resolve a Cross Site Scripting vulnerability are available

Security Rating
This vulnerability is rated as trivial by the cPanel Security Team

The /frontend/x/htaccess/changepro.html is used by the cPanel X theme to display status of applying password protection to web-accessible directories. The “resname” query variable is not properly sanitized allowing an attacker to inject malicious HTML and Javascript. As only authenticated users are vulnerable to this attack the threat is trivial.

cPanel users should update to 11.10.0 build 16458 or higher, which contains a fix for this issue.


Posted in: News, Security | Tagged: