Cpanel · Cpanel · CVE-2008-2070
**Name of the Vulnerable Software and Affected Versions**
cPanel versions 11.18.0 through 11.18.3
cPanel versions 11.22.0 through 11.22.2
**Description**
The issue allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the `issue` parameter to "scripts2/knowlegebase", `user` parameter to "scripts2/changeip", `search` parameter to "scripts2/listaccts", and other unspecified vectors.
**Recommendations**
For cPanel versions 11.18.0 through 11.18.3, update to version 11.18.4 or later.
For cPanel versions 11.22.0 through 11.22.2, update to version 11.22.3 or later.