CVE-2013-6780 in cPanel WHM

Summary

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.


Reservation

11/12/2013

Disclosure

11/13/2013

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 11626 | cPanel WHM Reseller Login Cookie cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11625 | cPanel WHM Login Security cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11624 | cPanel WHM Branding cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11623 | cPanel WHM counter cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11622 | cPanel WHM Daily Process Log Screen Stored cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11621 | cPanel WHM cPAddons Upgrade Password cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11620 | cPanel WHM Edit DNS Zone cross site scripting | 79 | Proof-of-Concept | Official fix | CVE-2013-6780 |
| 11619 | cPanel WHM SSH Authentication cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11618 | cPanel WHM X3 Theme countedit.cgi cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11617 | cPanel WHM Bandmin passwd cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11616 | cPanel WHM cpsrvd cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11613 | cPanel WHM Bandmin Reflected cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11612 | cPanel WHM API Call dynamicincludelist cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11611 | cPanel WHM Database cross site scripting | 79 | Proof-of-Concept | Official fix | CVE-2013-6780 |
| 11610 | cPanel WHM Backup Archive cross site scripting | 79 | Proof-of-Concept | Official fix | CVE-2013-6780 |
| 11609 | cPanel WHM Config cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11608 | cPanel WHM Translatable Phrase Maketext cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11607 | cPanel WHM CSRF Protection cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11606 | cPanel WHM cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
| 11605 | cPanel WHM Logaholic Session File tmp cross site scripting | 79 | Proof-of-Concept | Official fix | CVE-2013-6780 |
| 11604 | cPanel WHM Virtualhost Installation cross site scripting | 79 | Not defined | Official fix | CVE-2013-6780 |
