Launchpad.net

CVE 2009-4823

Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.

See the CVE page on Mitre.org for more details.

References