Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2012-6449
CVE-2012-6449:
cPanel vulnerability analysis and mitigation
Overview
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) contain a Cross-Site Scripting (XSS) vulnerability (NVD). The vulnerability was disclosed and added to the NVD database on February 10, 2020.
Technical details
The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue, specifically involving improper neutralization of input during web page generation. According to the CVSS scoring, it has a base score of 5.4 MEDIUM under CVSS 3.1 (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) and 3.5 LOW under CVSS 2.0 (Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N) (NVD).
Impact
The vulnerability could allow an attacker to inject malicious scripts that would execute in the context of other users' browsers when they view the affected pages. This could lead to theft of sensitive information, session hijacking, or other client-side attacks (NVD).
Mitigation and workarounds
The vulnerability affects cPanel & WHM version 11.34.0 (build 8). Users should upgrade to a patched version of the software to address this security issue (NVD).
Additional resources
Source: This report was generated using AI
Related cPanel vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management