Preth00Nker

**Name of the Vulnerable Software and Affected Versions** 2Wire, Inc. HomePortal and OfficePortal Series modems and routers (affected versions not specified) **Description** The issue concerns the web-based management interface, which can be crashed by remote attackers through a specific sequence in a GET request, leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cPanel version 10 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the `dir` parameter in "dohtaccess.html", or the `file` parameter in either "editit.html" or "showfile.html". **Recommendations** For cPanel version 10, update to a version that includes a fix for these XSS vulnerabilities to prevent remote attackers from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting access to the affected parameters `dir` and `file` in the respective HTML files until a patch is available.