Updated builds of cPanel 10.8.1-EDGE_55 and 10.8.1-CURRENT_69 are available for users to resolve the Entropychat Script Insertion vulnerability.
This update has been given an Important level rating by the cPanel Security team.
Input passed to the chat message field in the pre-installed Entropy Chat script isn’t properly sanitised before being used. This can be exploited to inject arbitrary script code, which will be executed in a user’s browser session in context of an affected site when the malicious user data is viewed with the Microsoft Internet Explorer browser.
cPanel users should update to 10.8.1 build 55 or higher, which contains a fix for this issue.
Discovered by: Andreas Sandblad, Secunia Research