XSS in Zpanelcp Zpanel

CVE-2012-5684

Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.032 (86.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References