Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. This vulnerability is addressed in the following product release:
cPanel, cPanel, 10.9.0-R56
Publication date: Thu, 26 Oct 2006 22:07:00 +0000