CPanel SCGIwrap Path Disclosure And Cross-Site Scripting Vulnerabilities

CPanel SCGIwrap Path Disclosure And Cross-Site Scripting Vulnerabilities

cPanel is prone to path-disclosure and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to access sensitive data that may be used to launch further attacks against a vulnerable computer.

These versions are affected:

- cPanel 311.4.19-R14378 in the RELEASE and CURRENT branches
- versions prior to cPanel 10.9.1 in the STABLE branch