CVE-2009-4823

Published Apr 27, 2010

Last updated 15 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D42E0955-7BDB-470A-B487-8A33C4C30800"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.4.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCC97216-E9A0-467B-86D7-8F4DB146220C"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E3919CF-D66F-4713-8E34-F4C9E9EDFB31"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF562242-C032-4D52-9464-91EF5C9EEA9A"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80AD4CE4-714E-4949-B676-F1F692172773"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FAC2F2A-3A9C-4B7D-8B20-4DBEB6DF9532"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "064D2D20-2410-4BF5-BEAB-B0FEA6858814"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.19.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04480CFC-EA47-4723-B23D-0C415598D254"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80CEE914-DB4B-4777-B8BD-A8EAE6526E1E"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.21:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BB81672-314F-49D4-AD9E-CA8D1A14CD45"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67891987-C727-45FF-B027-11B25D2849D3"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "011314F7-1977-453B-B308-DB776DF604E2"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "051B4B2E-BF9B-4EA8-973B-6D96A1618F24"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E3915A3-45AA-4B53-9990-2FED41439D63"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1FA032B-D404-4648-A380-CF349FBD6023"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:11.24.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D4A0F2A-1327-4CDE-8A7D-9699A240C329"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References