CVE-2007-0890

Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://changelog.cpanel.net/index.cgi
http://osvdb.org/32044
http://secunia.com/advisories/24106
http://www.securityfocus.com/archive/1/459585/100/0/threaded
http://www.securityfocus.com/bid/22474	Exploit
http://www.vupen.com/english/advisories/2007/0568

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cpanel:webhost_manager:5.0:::::::*
	cpe:2.3:a:cpanel:webhost_manager:5.3:::::::*
	cpe:2.3:a:cpanel:webhost_manager:6.0:::::::*
	cpe:2.3:a:cpanel:webhost_manager:6.2:::::::*
	cpe:2.3:a:cpanel:webhost_manager:6.4:::::::*
	cpe:2.3:a:cpanel:webhost_manager:6.4.1:::::::*
	cpe:2.3:a:cpanel:webhost_manager:6.4.2:::::::*
	cpe:2.3:a:cpanel:webhost_manager:6.4.2_stable_48:::::::*
	cpe:2.3:a:cpanel:webhost_manager:7.0:::::::*
	cpe:2.3:a:cpanel:webhost_manager:8.0:::::::*
	cpe:2.3:a:cpanel:webhost_manager:9.0:::::::*
	cpe:2.3:a:cpanel:webhost_manager:9.1:::::::*
	cpe:2.3:a:cpanel:webhost_manager:9.1.0_r85:::::::*
	cpe:2.3:a:cpanel:webhost_manager:9.4.1_r64:::::::*
	cpe:2.3:a:cpanel:webhost_manager:9.9.1_r3:::::::*
	cpe:2.3:a:cpanel:webhost_manager:10.2.0_r82:::::::*
	cpe:2.3:a:cpanel:webhost_manager:10.6.0_r137:::::::*
	cpe:2.3:a:cpanel:webhost_manager:10.8.1_113:::::::*
	cpe:2.3:a:cpanel:webhost_manager:10.8.1_build84:::::::*
	cpe:2.3:a:cpanel:webhost_manager:10.8.2_118:::::::*
	cpe:2.3:a:cpanel:webhost_manager:10.9:::::::*
	cpe:2.3:a:cpanel:webhost_manager:11:::::::*
	cpe:2.3:a:cpanel:webhost_manager:11.0:::::::*
	cpe:2.3:a:cpanel:webhost_manager:11_beta:::::::*

History

No history.

Information

Published : 2007-02-12 23:28

Updated : 2018-10-16 16:35

NVD link : CVE-2007-0890

Mitre link : CVE-2007-0890

CVE.ORG link : CVE-2007-0890

JSON object : View

Products Affected

cpanel

webhost_manager

CWE

NVD-CWE-Other

{"id": "CVE-2007-0890", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-02-12T23:28:00.000", "references": [{"url": "http://changelog.cpanel.net/index.cgi", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/32044", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24106", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/459585/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22474", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0568", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en scripts/passwdmysql en cPanel WebHost Manager (WHM) 11.0.0 y anteriores permite a un atacante remoto inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro password."}], "lastModified": "2018-10-16T16:35:05.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cpanel:webhost_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAE7E44B-47EB-44E6-8909-295B8612C271"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A74988D-80E0-4B28-95AF-D6EFDC7221F0"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A9A37F-22E5-4B37-9015-296C9F110DA4"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24998E50-B477-4B22-90BF-C3F66E15FD9B"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1091EAE0-8355-4DFE-8469-CB8E0B270B8D"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:6.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DD69B3-6EB5-4A81-A7BB-799E738E23CF"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:6.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331E0D8F-D77F-4582-A27D-8CF3F73D4AF8"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:6.4.2_stable_48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "573F957A-A595-4D87-A204-FB54F5759225"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3D8DE9D-191D-47BC-8E85-AA6990C60410"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A54CCB7E-A70D-433A-A441-ABFC64C130D7"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E80D1C2A-881A-45BC-8264-24783B0054F9"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70EF3BD3-8466-41E2-AD35-C55909305C46"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:9.1.0_r85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "667CFE82-4242-4CDB-9BBB-B79131AA926A"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:9.4.1_r64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5965DEE-87EC-48F7-A145-0D4F6FA1B1AD"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:9.9.1_r3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D7CA174-C210-495D-A7FB-8118E75203F8"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:10.2.0_r82:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DB4702D-EB15-48F9-A611-C70D924982CE"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:10.6.0_r137:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E726334C-AAE6-4F75-87E1-74AA0225AE7C"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:10.8.1_113:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4F4A77A-A14F-4245-B2B7-7AC52F27DC33"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:10.8.1_build84:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63017CB6-87A9-4071-BD05-3DF327287DD9"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:10.8.2_118:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2694D93E-3007-4AAF-BBEC-883C4CF7C408"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:10.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E521FE-1070-47C0-94D7-878A92C27659"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21E68BEE-8F02-4D92-AFE9-C26D9479139B"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F65B4DDB-DD92-4602-AF30-DC4945BE9C30"}, {"criteria": "cpe:2.3:a:cpanel:webhost_manager:11_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CA5AD81-D28D-4BAA-A5A5-056593C40978"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}