Unrated severityNVD Advisory· Published Mar 30, 2004· Updated Apr 16, 2026
CVE-2004-1875
CVE-2004-1875
Description
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- secunia.com/advisories/11244nvdPatchVendor Advisory
- www.cirt.net/advisories/cpanel_xss.shtmlnvdPatchVendor Advisory
- secunia.com/advisories/22984nvdVendor Advisory
- www.osvdb.org/4208nvdVendor Advisory
- www.osvdb.org/4209nvdVendor Advisory
- www.osvdb.org/4210nvdVendor Advisory
- www.osvdb.org/4212nvdVendor Advisory
- www.osvdb.org/4213nvdVendor Advisory
- www.osvdb.org/4214nvdVendor Advisory
- www.osvdb.org/4215nvdVendor Advisory
- www.osvdb.org/4243nvdVendor Advisory
- www.securityfocus.com/bid/10002nvdVendor Advisory
- www.vupen.com/english/advisories/2006/4658nvdVendor Advisory
- marc.infonvd
- www.aria-security.com/forum/showthread.phpnvd
- www.osvdb.org/4211nvd
- www.securityfocus.com/bid/21142nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/15671nvd
News mentions
0No linked articles in our index yet.