cPanel (UNKNOWN VERSION) - XSS in /scripts2/getssldata


Resellers could create SSL certificates which contained javascript in various fields. If root attempted to view the certificate via WHM, and if root had javascript enabled in their browser, XSS would have been possible.

[user@host ~]$ openssl x509 -in -noout -subject


Resellers could potentially cause requests to be issued to WHM, by root. This includes changing the root password of the server, and changing the resolvers in /etc/resolv.conf.