CVE-2006-4293

Name of the Vulnerable Software and Affected Versions cPanel version 10

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the dir parameter in "dohtaccess.html", or the file parameter in either "editit.html" or "showfile.html".

Recommendations For cPanel version 10, update to a version that includes a fix for these XSS vulnerabilities to prevent remote attackers from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting access to the affected parameters dir and file in the respective HTML files until a patch is available.