CVE-2005-3505

Name of the Vulnerable Software and Affected Versions cPanel versions 10.2.0-R82 through 10.6.0-R137

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via a chat message. This is possible by including Javascript in style attributes within tags, which can be processed by Internet Explorer.

Recommendations For versions 10.2.0-R82 through 10.6.0-R137, consider disabling the Entropy Chat script as a temporary workaround until a patch is available. Restrict access to chat functionality to minimize the risk of exploitation. Avoid using style attributes in tags such as in chat messages until the issue is resolved.