cPanel (UNKNOWN VERSION) - XSS in /scripts/suspendlist



DESCRIPTION


When a reseller suspends an account, they can supply a reason for the suspension, which is stored in /var/cpanel/suspended/username. The "List Suspended Accounts" page in WHM (/scripts/suspendlist) renders that reason into the page as-is. If the file contains JavaScript, it is executed in root's browser when root opens that page: a stored XSS in which the payload is written by a reseller and triggered by the most privileged user on the server.



IMPACT


A local user who controls a suspension reason could cause root's browser to issue requests to WHM under root's authenticated session. This includes changing the server's root password and changing the resolvers in /etc/resolv.conf.