VULHUB ™

H-Sphere is prone to multiple cross-site scripting vulnerabilities via the HTML template feature in the Hosting Control Panel. HTML and script code will not be filtered from pages which are generated when a request for an invalid or unknown template is made. This could be exploited if a web user follows a malicious link to a site hosting the vulnerable software that includes hostile HTML or script code. The link may also need to contain the username of a valid, logged in user.

H-Sphere is prone to multiple cross-site scripting vulnerabilities via the HTML template feature in the Hosting Control Panel. HTML and script code will not be filtered from pages which are generated when a request for an invalid or unknown template is made. This could be exploited if a web user follows a malicious link to a site hosting the vulnerable software that includes hostile HTML or script code. The link may also need to contain the username of a valid, logged in user.