For those of you that have websites that use cPanel, you may want to tell your hosts about this below. -Clint
Happy Thanksgiving to all & God Bless Clint Hamilton, Owner http://www.OrpheusComputing.com http://www.ComputersCustomBuilt.com ----- Original Message ----- TITLE: cPanel "dns" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA22984 VERIFY ADVISORY: http://secunia.com/advisories/22984/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: cPanel 10.x http://secunia.com/product/5280/ DESCRIPTION: Aria-Security has reported a vulnerability in cPanel, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "dns" parameter in dnslook.html is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 10. Other versions may also be affected. SOLUTION: Update to version 10.9.0 R75. ORIGINAL ADVISORY: http://www.aria-security.com/forum/showthread.php?t=30 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
