PT-2025-34485 · Unknown · Easy Hosting Control Panel
Published
2025-08-22
·
Updated
2025-09-24
·
CVE-2025-50858
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Easy Hosting Control Panel (EHCP) version 20.04.1.b
Description:
The List MySQL Databases function in Easy Hosting Control Panel (EHCP) is susceptible to a reflected cross-site scripting issue. Authenticated attackers can potentially execute arbitrary JavaScript code through the
action parameter.Recommendations:
Update to a newer version of Easy Hosting Control Panel (EHCP) that addresses this issue. As a temporary workaround, sanitize the
action parameter to prevent the injection of malicious scripts.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easy Hosting Control Panel