cPanel · cPanel · CVE-2006-0573
**Name of the Vulnerable Software and Affected Versions**
cPanel versions 10 and earlier
**Description**
The issue is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML through several request parameters, including the `email` parameter to "editquota.html" or "dodelpop.html", the `showtree` parameter to "diskusage.html", or the `mon`, `year`, `target`, or `domain` parameters to "stats/detailbw.html".
**Recommendations**
For cPanel versions 10 and earlier, update to a version later than 10 to resolve the issue.
As a temporary workaround, consider restricting access to the affected endpoints, such as "editquota.html", "dodelpop.html", "diskusage.html", and "stats/detailbw.html", until a patch is available.
Avoid using the vulnerable parameters, such as `email`, `showtree`, `mon`, `year`, `target`, or `domain`, in the affected endpoints until the issue is resolved.
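While the workaround is in place, access logs can be audited for requests that put markup into the endpoint and parameter pairs listed in the description. The following is an added example, not code from this advisory or from cPanel; it assumes combined-format access log lines, and the request paths and log entries in it are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoint -> parameters named in the advisory for CVE-2006-0573.
AFFECTED = {
    "editquota.html": {"email"},
    "dodelpop.html": {"email"},
    "diskusage.html": {"showtree"},
    "stats/detailbw.html": {"mon", "year", "target", "domain"},
}
# Characters needed to leave an HTML text or attribute context.
MARKUP = re.compile(r"[<>\"']")
# Request line of a combined-format log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return sorted (endpoint, param) pairs whose decoded value contains markup."""
    parts, hits = urlsplit(url), []
    for endpoint, params in AFFECTED.items():
        if not parts.path.endswith("/" + endpoint):
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        for name in params & query.keys():
            # parse_qs decodes once; decode again to catch double encoding (%253C).
            if any(MARKUP.search(unquote_plus(v)) for v in query[name]):
                hits.append((endpoint, name))
    return sorted(hits)


def scan(lines):
    """Yield (line_number, hits) for log lines worth reviewing."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits


# Constructed sample log lines (hypothetical paths, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2006:10:00:00 +0000] "GET /frontend/x/mail/editquota.html?email=bob&domain=example.com HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Feb/2006:10:00:05 +0000] "GET /frontend/x/mail/editquota.html?email=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Feb/2006:10:00:09 +0000] "GET /frontend/x/stats/detailbw.html?mon=Jan&year=2006%2522%253E HTTP/1.1" 200 801',
    '192.0.2.13 - - [01/Feb/2006:10:00:12 +0000] "GET /frontend/x/index.html?email=%3Cb%3E HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

Only parameters the advisory ties to a given endpoint are checked, so `domain` on "editquota.html" is ignored; a legitimate value containing a quote character will also be flagged and needs manual review.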