CVE-2006-6198

Name of the Vulnerable Software and Affected Versions cPanel WebHost Manager (WHM) version 3.1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML. The affected API endpoints include: "/scripts2/dochangeemail" with the email parameter, "/cgi/addon configsupport.cgi" with the supporturl parameter, "/scripts/editpkg" with the pkg parameter, "/scripts2/domts2" and "/scripts/editzone" with the domain parameter, "/scripts2/dofeaturemanager" with the feature parameter, and "/scripts/park" with the ndomain parameter.

Recommendations For cPanel WebHost Manager (WHM) version 3.1.0, consider disabling access to the affected API endpoints until a patch is available. Restrict the use of the email, supporturl, pkg, domain, feature, and ndomain parameters in the respective endpoints to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoints until the issue is resolved.