Lucene search

MitreCVE-2006-6548

HistoryDec 14, 2006 - 6:28 p.m.

CVE-2006-6548

2006-12-1418:28:00

mitre

web.nvd.nist.gov

cpanel

whm

xss

vulnerabilities

web script

html

remote users

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.006

Percentile

79.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.

Affected configurations

Nvd

Node

cpanelwebhost_managerMatch3.1.0

VendorProductVersionCPE
cpanelwebhost_manager3.1.0cpe:2.3:a:cpanel:webhost_manager:3.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cpanel	webhost_manager	3.1.0	cpe:2.3:a:cpanel:webhost_manager:3.1.0:::::::*

References

securityreason.com/securityalert/2027

www.aria-security.com/forum/showthread.php?t=44

www.securityfocus.com/archive/1/453885/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/30792

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.006

Percentile

79.3%

JSON

Related for CVE-2006-6548