CVE-2017-18481 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2017-18481

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-05 Aug, 2019 | 13:15

Updated At-07 Aug, 2019 | 12:36

cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.4	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 3.5

Base severity: LOW

Vector:

AV:N/AC:M/Au:S/C:N/I:P/A:N

CPE Matches

cPanel (WebPros International, LLC)

>>cpanel>>Versions from 11.54.0.0(inclusive) to 11.54.0.36(exclusive)

cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*

cPanel (WebPros International, LLC)

>>cpanel>>Versions from 55.9999.61(inclusive) to 56.0.43(exclusive)

cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*

cPanel (WebPros International, LLC)

>>cpanel>>Versions from 57.9999.48(inclusive) to 58.0.43(exclusive)

cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*

cPanel (WebPros International, LLC)

>>cpanel>>Versions from 59.9999.58(inclusive) to 60.0.35(exclusive)

cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*

cPanel (WebPros International, LLC)

>>cpanel>>Versions from 61.9999.55(inclusive) to 62.0.4(exclusive)

cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://documentation.cpanel.net/display/CL/62+Change+Log	cve@mitre.org	Release Notes Vendor Advisory
https://news.cpanel.com/tsr-2017-0001-full-disclosure/	nvd@nist.gov	Vendor Advisory

Hyperlink: https://documentation.cpanel.net/display/CL/62+Change+Log

Source: cve@mitre.org

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://news.cpanel.com/tsr-2017-0001-full-disclosure/

Source: nvd@nist.gov

Resource:

Vendor Advisory