CVE-2017-11441

The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.

CVSS v3 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/	Vendor Advisory
https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:cpanel:whm:58.0.3:::::::*
	cpe:2.3:a:cpanel:whm:58.0.4:::::::*
	cpe:2.3:a:cpanel:whm:58.0.5:::::::*
	cpe:2.3:a:cpanel:whm:58.0.6:::::::*
	cpe:2.3:a:cpanel:whm:58.0.7:::::::*
	cpe:2.3:a:cpanel:whm:58.0.8:::::::*
	cpe:2.3:a:cpanel:whm:58.0.11:::::::*
	cpe:2.3:a:cpanel:whm:58.0.12:::::::*
	cpe:2.3:a:cpanel:whm:58.0.13:::::::*
	cpe:2.3:a:cpanel:whm:58.0.17:::::::*
	cpe:2.3:a:cpanel:whm:58.0.19:::::::*
	cpe:2.3:a:cpanel:whm:58.0.20:::::::*
	cpe:2.3:a:cpanel:whm:58.0.23:::::::*
	cpe:2.3:a:cpanel:whm:58.0.24:::::::*
	cpe:2.3:a:cpanel:whm:58.0.25:::::::*
	cpe:2.3:a:cpanel:whm:58.0.26:::::::*
	cpe:2.3:a:cpanel:whm:58.0.27:::::::*
	cpe:2.3:a:cpanel:whm:58.0.28:::::::*
	cpe:2.3:a:cpanel:whm:58.0.29:::::::*
	cpe:2.3:a:cpanel:whm:58.0.30:::::::*
	cpe:2.3:a:cpanel:whm:58.0.31:::::::*
	cpe:2.3:a:cpanel:whm:58.0.32:::::::*
	cpe:2.3:a:cpanel:whm:58.0.34:::::::*
	cpe:2.3:a:cpanel:whm:58.0.36:::::::*
	cpe:2.3:a:cpanel:whm:58.0.37:::::::*
	cpe:2.3:a:cpanel:whm:58.0.41:::::::*
	cpe:2.3:a:cpanel:whm:58.0.43:::::::*
	cpe:2.3:a:cpanel:whm:58.0.44:::::::*
	cpe:2.3:a:cpanel:whm:58.0.45:::::::*
	cpe:2.3:a:cpanel:whm:58.0.46:::::::*
	cpe:2.3:a:cpanel:whm:58.0.47:::::::*
	cpe:2.3:a:cpanel:whm:58.0.48:::::::*
	cpe:2.3:a:cpanel:whm:58.0.49:::::::*
	cpe:2.3:a:cpanel:whm:58.0.50:::::::*
	cpe:2.3:a:cpanel:whm:58.0.51:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:cpanel:whm:60.0.3:::::::*
	cpe:2.3:a:cpanel:whm:60.0.4:::::::*
	cpe:2.3:a:cpanel:whm:60.0.5:::::::*
	cpe:2.3:a:cpanel:whm:60.0.6:::::::*
	cpe:2.3:a:cpanel:whm:60.0.8:::::::*
	cpe:2.3:a:cpanel:whm:60.0.9:::::::*
	cpe:2.3:a:cpanel:whm:60.0.10:::::::*
	cpe:2.3:a:cpanel:whm:60.0.11:::::::*
	cpe:2.3:a:cpanel:whm:60.0.12:::::::*
	cpe:2.3:a:cpanel:whm:60.0.13:::::::*
	cpe:2.3:a:cpanel:whm:60.0.14:::::::*
	cpe:2.3:a:cpanel:whm:60.0.15:::::::*
	cpe:2.3:a:cpanel:whm:60.0.17:::::::*
	cpe:2.3:a:cpanel:whm:60.0.18:::::::*
	cpe:2.3:a:cpanel:whm:60.0.19:::::::*
	cpe:2.3:a:cpanel:whm:60.0.22:::::::*
	cpe:2.3:a:cpanel:whm:60.0.24:::::::*
	cpe:2.3:a:cpanel:whm:60.0.25:::::::*
	cpe:2.3:a:cpanel:whm:60.0.26:::::::*
	cpe:2.3:a:cpanel:whm:60.0.27:::::::*
	cpe:2.3:a:cpanel:whm:60.0.28:::::::*
	cpe:2.3:a:cpanel:whm:60.0.31:::::::*
	cpe:2.3:a:cpanel:whm:60.0.32:::::::*
	cpe:2.3:a:cpanel:whm:60.0.34:::::::*
	cpe:2.3:a:cpanel:whm:60.0.35:::::::*
	cpe:2.3:a:cpanel:whm:60.0.36:::::::*
	cpe:2.3:a:cpanel:whm:60.0.37:::::::*
	cpe:2.3:a:cpanel:whm:60.0.38:::::::*
	cpe:2.3:a:cpanel:whm:60.0.39:::::::*
	cpe:2.3:a:cpanel:whm:60.0.42:::::::*
	cpe:2.3:a:cpanel:whm:60.0.43:::::::*
	cpe:2.3:a:cpanel:whm:60.0.44:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:cpanel:whm:62.0.1:::::::*
	cpe:2.3:a:cpanel:whm:62.0.2:::::::*
	cpe:2.3:a:cpanel:whm:62.0.4:::::::*
	cpe:2.3:a:cpanel:whm:62.0.5:::::::*
	cpe:2.3:a:cpanel:whm:62.0.6:::::::*
	cpe:2.3:a:cpanel:whm:62.0.7:::::::*
	cpe:2.3:a:cpanel:whm:62.0.8:::::::*
	cpe:2.3:a:cpanel:whm:62.0.9:::::::*
	cpe:2.3:a:cpanel:whm:62.0.10:::::::*
	cpe:2.3:a:cpanel:whm:62.0.11:::::::*
	cpe:2.3:a:cpanel:whm:62.0.12:::::::*
	cpe:2.3:a:cpanel:whm:62.0.14:::::::*
	cpe:2.3:a:cpanel:whm:62.0.15:::::::*
	cpe:2.3:a:cpanel:whm:62.0.16:::::::*
	cpe:2.3:a:cpanel:whm:62.0.17:::::::*
	cpe:2.3:a:cpanel:whm:62.0.19:::::::*
	cpe:2.3:a:cpanel:whm:62.0.20:::::::*
	cpe:2.3:a:cpanel:whm:62.0.23:::::::*
	cpe:2.3:a:cpanel:whm:62.0.24:::::::*
	cpe:2.3:a:cpanel:whm:62.0.26:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:cpanel:whm:64.0.0:::::::*
	cpe:2.3:a:cpanel:whm:64.0.1:::::::*
	cpe:2.3:a:cpanel:whm:64.0.2:::::::*
	cpe:2.3:a:cpanel:whm:64.0.3:::::::*
	cpe:2.3:a:cpanel:whm:64.0.4:::::::*
	cpe:2.3:a:cpanel:whm:64.0.7:::::::*
	cpe:2.3:a:cpanel:whm:64.0.9:::::::*
	cpe:2.3:a:cpanel:whm:64.0.11:::::::*
	cpe:2.3:a:cpanel:whm:64.0.12:::::::*
	cpe:2.3:a:cpanel:whm:64.0.13:::::::*
	cpe:2.3:a:cpanel:whm:64.0.14:::::::*
	cpe:2.3:a:cpanel:whm:64.0.15:::::::*
	cpe:2.3:a:cpanel:whm:64.0.17:::::::*
	cpe:2.3:a:cpanel:whm:64.0.18:::::::*
	cpe:2.3:a:cpanel:whm:64.0.19:::::::*
	cpe:2.3:a:cpanel:whm:64.0.20:::::::*
	cpe:2.3:a:cpanel:whm:64.0.21:::::::*
	cpe:2.3:a:cpanel:whm:64.0.22:::::::*
	cpe:2.3:a:cpanel:whm:64.0.24:::::::*
	cpe:2.3:a:cpanel:whm:64.0.27:::::::*
	cpe:2.3:a:cpanel:whm:64.0.28:::::::*
	cpe:2.3:a:cpanel:whm:64.0.29:::::::*
	cpe:2.3:a:cpanel:whm:64.0.30:::::::*
	cpe:2.3:a:cpanel:whm:64.0.31:::::::*
	cpe:2.3:a:cpanel:whm:64.0.32:::::::*

Configuration 6 (hide)

cpe:2.3:a:cpanel:whm:66.0.1:*:*:*:*:*:*:*

History

21 Nov 2024, 03:07

Type	Values Removed	Values Added
References	~~() https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/ - Vendor Advisory~~	() https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/ - Vendor Advisory

Information

Published : 2017-07-19 07:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-11441

Mitre link : CVE-2017-11441

CVE.ORG link : CVE-2017-11441

JSON object : View

Products Affected

cpanel

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2017-11441

5.4^/10

3.5^/10

Attach tags to `CVE-2017-11441`