To exploit these vulnerabilities, an attacker must create a malicious link containing arbitrary HTML or script code and use social engineering to convince a user to load it. Users should not load links from untrusted sources.
Administrators are advised to regularly use the auto-update system provided with cPanel.
The vendor has stated that a comprehensive security audit is being performed on cPanel in an attempt to reduce future cross-site scripting and SQL injection vulnerabilities. Updated software will be published via the auto-update system as soon as it is available.
Exploit code has been publicly released for this vulnerability, increasing the likelihood of an attack.