cPanel up to 74.0.7 Site Software Moderation Interface cross site scripting

A vulnerability was found in cPanel up to 74.0.7 (Hosting Control Software). It has been rated as problematic. This issue affects an unknown part of the component Site Software Moderation Interface. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-80. Impacted is integrity. An attacker might be able to inject arbitrary html and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors.

The weakness was released 08/01/2019. The advisory is shared at documentation.cpanel.net. The identification of this vulnerability is CVE-2018-20876 since 07/31/2019. The attack may be initiated remotely. Neither technical details nor an exploit are publicly available.

Upgrading to version 74.0.8 eliminates this vulnerability.

Entries connected to this vulnerability are available at 139118, 139119, 139120 and 139122.

Type

• Hosting Control Software

Name

• cPanel

• 🔒
• 🔒
• 🔒

• 🔒
• 🔒
• 🔒

VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.4

VulDB Base Score: 3.5
VulDB Temp Score: 3.4
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Cross site scripting (CWE-80)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: cPanel 74.0.8

07/31/2019 CVE assigned
08/01/2019 +1 days Advisory disclosed
08/01/2019 +0 days VulDB entry created
08/01/2019 +0 days VulDB last updateAdvisory: documentation.cpanel.net

CVE: CVE-2018-20876 (🔒)
See also: 🔒

Created: 08/01/2019 04:54 PM
Complete: 🔍

Comments

Comments are closed.