Matteo Carli

**Name of the Vulnerable Software and Affected Versions** cPanel versions 11.18.0 through 11.18.3 cPanel versions 11.22.0 through 11.22.2 **Description** The issue allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the `issue` parameter to "scripts2/knowlegebase", `user` parameter to "scripts2/changeip", `search` parameter to "scripts2/listaccts", and other unspecified vectors. **Recommendations** For cPanel versions 11.18.0 through 11.18.3, update to version 11.18.4 or later. For cPanel versions 11.22.0 through 11.22.2, update to version 11.22.3 or later.