CVE-2004-1875

Name of the Vulnerable Software and Affected Versions cPanel version 9.1.0-R85 cPanel versions prior to 10

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters, including the email parameter to "testfile.html", the file parameter to "erredit.html", the dns parameter to "dnslook.html", the account parameter to "ignorelist.html" and "showlog.html", the db parameter to "repairdb.html", the login parameter to "doaddftp.html", the account parameter to "editmsg.htm", and the ip parameter to "del.html".

Recommendations For cPanel version 9.1.0-R85, avoid using the vulnerable parameters in the specified API endpoints until a fix is available. As a temporary workaround, consider restricting access to the affected endpoints, such as "testfile.html", "erredit.html", "dnslook.html", "ignorelist.html", "showlog.html", "repairdb.html", "doaddftp.html", "editmsg.htm", and "del.html", to minimize the risk of exploitation. For versions prior to 10, apply the same restrictions as for version 9.1.0-R85.