PT-2006-6550 · Cpanel · Cpanel

Published: 2006-11-14

Updated: 2018-10-17

CVE-2006-5883

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: cPanel version 10

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML. The affected parameters include the dir parameter in the "seldir.html" endpoint, and the user and dir parameters in the "newuser.html" endpoint.

Recommendations: For cPanel version 10, update to a version that includes a fix for these XSS vulnerabilities to prevent remote authenticated users from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting access to the "seldir.html" and "newuser.html" endpoints until a patch is available. Avoid using the dir and user parameters in these endpoints until the issue is resolved.


Related identifiers

CVE-2006-5883

Affected products

Cpanel