cPanel version 11.18.3 contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
The vulnerability exists due to insufficient input validation in the vulnerable script. An unauthenticated, remote attacker could exploit this vulnerability by convincing the user to follow a crafted URL that is designed to pass attacker-supplied HTML or script to the affected system. When processed, the affected system may return the attacker-supplied code to the user unsanitized. An exploit could allow an attacker to execute arbitrary HTML or script code in the user's browser session in the context of the affected site.
The vendor has not confirmed this vulnerability and updates are not available.