Skip to main content

Easy Hosting Control Panel CVE-2018-6361

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-05-11 cve@mitre.org
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 11, 2018 - 21:29 nvd
MEDIUM 6.1

DescriptionNVD

Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account.

AnalysisAI

Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. Affected products include: Ehcp Easy Hosting Control Panel.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2018-6458 HIGH POC
8.8 May 11

Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attack

CVE-2018-6619 HIGH POC
7.8 May 11

Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use

CVE-2018-6618 HIGH POC
7.8 May 11

Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext pa

CVE-2018-6617 HIGH POC
7.8 May 11

Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of a

CVE-2018-6362 MEDIUM POC
6.1 May 11

Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the P

CVE-2025-50859 MEDIUM POC
6.1 Aug 22

Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows aut

CVE-2025-50858 MEDIUM POC
6.1 Aug 22

Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allow

CVE-2025-50860 MEDIUM POC
5.4 Aug 21

SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers

CVE-2025-50926 MEDIUM POC
6.5 Aug 19

Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter

CVE-2025-50928 MEDIUM POC
4.8 Aug 08

Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter

CVE-2025-50927 MEDIUM
6.3 Aug 08

A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authent

Share

CVE-2018-6361 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy