CVE-2017-11441

The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.

Published: 2017-07-19 Last update: 2026-05-13 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2017-11441 is rated Low Risk (38.4/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.26%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2017-11441

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-17 0.05% 0.26% +0.21%
2 2023-03-07 0.89% 0.05% -0.83%
3 2022-02-04 0.89%

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2017-11441

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.4 3.0 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:R)
A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.
 2.3 2.7 [email protected]
3.5 2.0 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 6.8 2.9 [email protected]

Weakness enumeration for CVE-2017-11441

Affected software / configurations for CVE-2017-11441

Vendor Product Version Raw CPE
cpanel whm <= 56.0.50 cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*
cpanel whm 58.0.3 cpe:2.3:a:cpanel:whm:58.0.3:*:*:*:*:*:*:*
cpanel whm 58.0.4 cpe:2.3:a:cpanel:whm:58.0.4:*:*:*:*:*:*:*
cpanel whm 58.0.5 cpe:2.3:a:cpanel:whm:58.0.5:*:*:*:*:*:*:*
cpanel whm 58.0.6 cpe:2.3:a:cpanel:whm:58.0.6:*:*:*:*:*:*:*
cpanel whm 58.0.7 cpe:2.3:a:cpanel:whm:58.0.7:*:*:*:*:*:*:*
cpanel whm 58.0.8 cpe:2.3:a:cpanel:whm:58.0.8:*:*:*:*:*:*:*
cpanel whm 58.0.11 cpe:2.3:a:cpanel:whm:58.0.11:*:*:*:*:*:*:*
cpanel whm 58.0.12 cpe:2.3:a:cpanel:whm:58.0.12:*:*:*:*:*:*:*
cpanel whm 58.0.13 cpe:2.3:a:cpanel:whm:58.0.13:*:*:*:*:*:*:*
cpanel whm 58.0.17 cpe:2.3:a:cpanel:whm:58.0.17:*:*:*:*:*:*:*
cpanel whm 58.0.19 cpe:2.3:a:cpanel:whm:58.0.19:*:*:*:*:*:*:*
cpanel whm 58.0.20 cpe:2.3:a:cpanel:whm:58.0.20:*:*:*:*:*:*:*
cpanel whm 58.0.23 cpe:2.3:a:cpanel:whm:58.0.23:*:*:*:*:*:*:*
cpanel whm 58.0.24 cpe:2.3:a:cpanel:whm:58.0.24:*:*:*:*:*:*:*
cpanel whm 58.0.25 cpe:2.3:a:cpanel:whm:58.0.25:*:*:*:*:*:*:*
cpanel whm 58.0.26 cpe:2.3:a:cpanel:whm:58.0.26:*:*:*:*:*:*:*
cpanel whm 58.0.27 cpe:2.3:a:cpanel:whm:58.0.27:*:*:*:*:*:*:*
cpanel whm 58.0.28 cpe:2.3:a:cpanel:whm:58.0.28:*:*:*:*:*:*:*
cpanel whm 58.0.29 cpe:2.3:a:cpanel:whm:58.0.29:*:*:*:*:*:*:*
cpanel whm 58.0.30 cpe:2.3:a:cpanel:whm:58.0.30:*:*:*:*:*:*:*
cpanel whm 58.0.31 cpe:2.3:a:cpanel:whm:58.0.31:*:*:*:*:*:*:*
cpanel whm 58.0.32 cpe:2.3:a:cpanel:whm:58.0.32:*:*:*:*:*:*:*
cpanel whm 58.0.34 cpe:2.3:a:cpanel:whm:58.0.34:*:*:*:*:*:*:*
cpanel whm 58.0.36 cpe:2.3:a:cpanel:whm:58.0.36:*:*:*:*:*:*:*
cpanel whm 58.0.37 cpe:2.3:a:cpanel:whm:58.0.37:*:*:*:*:*:*:*
cpanel whm 58.0.41 cpe:2.3:a:cpanel:whm:58.0.41:*:*:*:*:*:*:*
cpanel whm 58.0.43 cpe:2.3:a:cpanel:whm:58.0.43:*:*:*:*:*:*:*
cpanel whm 58.0.44 cpe:2.3:a:cpanel:whm:58.0.44:*:*:*:*:*:*:*
cpanel whm 58.0.45 cpe:2.3:a:cpanel:whm:58.0.45:*:*:*:*:*:*:*
cpanel whm 58.0.46 cpe:2.3:a:cpanel:whm:58.0.46:*:*:*:*:*:*:*
cpanel whm 58.0.47 cpe:2.3:a:cpanel:whm:58.0.47:*:*:*:*:*:*:*
cpanel whm 58.0.48 cpe:2.3:a:cpanel:whm:58.0.48:*:*:*:*:*:*:*
cpanel whm 58.0.49 cpe:2.3:a:cpanel:whm:58.0.49:*:*:*:*:*:*:*
cpanel whm 58.0.50 cpe:2.3:a:cpanel:whm:58.0.50:*:*:*:*:*:*:*
cpanel whm 58.0.51 cpe:2.3:a:cpanel:whm:58.0.51:*:*:*:*:*:*:*
cpanel whm 60.0.3 cpe:2.3:a:cpanel:whm:60.0.3:*:*:*:*:*:*:*
cpanel whm 60.0.4 cpe:2.3:a:cpanel:whm:60.0.4:*:*:*:*:*:*:*
cpanel whm 60.0.5 cpe:2.3:a:cpanel:whm:60.0.5:*:*:*:*:*:*:*
cpanel whm 60.0.6 cpe:2.3:a:cpanel:whm:60.0.6:*:*:*:*:*:*:*
cpanel whm 60.0.8 cpe:2.3:a:cpanel:whm:60.0.8:*:*:*:*:*:*:*
cpanel whm 60.0.9 cpe:2.3:a:cpanel:whm:60.0.9:*:*:*:*:*:*:*
cpanel whm 60.0.10 cpe:2.3:a:cpanel:whm:60.0.10:*:*:*:*:*:*:*
cpanel whm 60.0.11 cpe:2.3:a:cpanel:whm:60.0.11:*:*:*:*:*:*:*
cpanel whm 60.0.12 cpe:2.3:a:cpanel:whm:60.0.12:*:*:*:*:*:*:*
cpanel whm 60.0.13 cpe:2.3:a:cpanel:whm:60.0.13:*:*:*:*:*:*:*
cpanel whm 60.0.14 cpe:2.3:a:cpanel:whm:60.0.14:*:*:*:*:*:*:*
cpanel whm 60.0.15 cpe:2.3:a:cpanel:whm:60.0.15:*:*:*:*:*:*:*
cpanel whm 60.0.17 cpe:2.3:a:cpanel:whm:60.0.17:*:*:*:*:*:*:*
cpanel whm 60.0.18 cpe:2.3:a:cpanel:whm:60.0.18:*:*:*:*:*:*:*
cpanel whm 60.0.19 cpe:2.3:a:cpanel:whm:60.0.19:*:*:*:*:*:*:*
cpanel whm 60.0.22 cpe:2.3:a:cpanel:whm:60.0.22:*:*:*:*:*:*:*
cpanel whm 60.0.24 cpe:2.3:a:cpanel:whm:60.0.24:*:*:*:*:*:*:*
cpanel whm 60.0.25 cpe:2.3:a:cpanel:whm:60.0.25:*:*:*:*:*:*:*
cpanel whm 60.0.26 cpe:2.3:a:cpanel:whm:60.0.26:*:*:*:*:*:*:*
cpanel whm 60.0.27 cpe:2.3:a:cpanel:whm:60.0.27:*:*:*:*:*:*:*
cpanel whm 60.0.28 cpe:2.3:a:cpanel:whm:60.0.28:*:*:*:*:*:*:*
cpanel whm 60.0.31 cpe:2.3:a:cpanel:whm:60.0.31:*:*:*:*:*:*:*
cpanel whm 60.0.32 cpe:2.3:a:cpanel:whm:60.0.32:*:*:*:*:*:*:*
cpanel whm 60.0.34 cpe:2.3:a:cpanel:whm:60.0.34:*:*:*:*:*:*:*
cpanel whm 60.0.35 cpe:2.3:a:cpanel:whm:60.0.35:*:*:*:*:*:*:*
cpanel whm 60.0.36 cpe:2.3:a:cpanel:whm:60.0.36:*:*:*:*:*:*:*
cpanel whm 60.0.37 cpe:2.3:a:cpanel:whm:60.0.37:*:*:*:*:*:*:*
cpanel whm 60.0.38 cpe:2.3:a:cpanel:whm:60.0.38:*:*:*:*:*:*:*
cpanel whm 60.0.39 cpe:2.3:a:cpanel:whm:60.0.39:*:*:*:*:*:*:*
cpanel whm 60.0.42 cpe:2.3:a:cpanel:whm:60.0.42:*:*:*:*:*:*:*
cpanel whm 60.0.43 cpe:2.3:a:cpanel:whm:60.0.43:*:*:*:*:*:*:*
cpanel whm 60.0.44 cpe:2.3:a:cpanel:whm:60.0.44:*:*:*:*:*:*:*
cpanel whm 62.0.1 cpe:2.3:a:cpanel:whm:62.0.1:*:*:*:*:*:*:*
cpanel whm 62.0.2 cpe:2.3:a:cpanel:whm:62.0.2:*:*:*:*:*:*:*
cpanel whm 62.0.4 cpe:2.3:a:cpanel:whm:62.0.4:*:*:*:*:*:*:*
cpanel whm 62.0.5 cpe:2.3:a:cpanel:whm:62.0.5:*:*:*:*:*:*:*
cpanel whm 62.0.6 cpe:2.3:a:cpanel:whm:62.0.6:*:*:*:*:*:*:*
cpanel whm 62.0.7 cpe:2.3:a:cpanel:whm:62.0.7:*:*:*:*:*:*:*
cpanel whm 62.0.8 cpe:2.3:a:cpanel:whm:62.0.8:*:*:*:*:*:*:*
cpanel whm 62.0.9 cpe:2.3:a:cpanel:whm:62.0.9:*:*:*:*:*:*:*
cpanel whm 62.0.10 cpe:2.3:a:cpanel:whm:62.0.10:*:*:*:*:*:*:*
cpanel whm 62.0.11 cpe:2.3:a:cpanel:whm:62.0.11:*:*:*:*:*:*:*
cpanel whm 62.0.12 cpe:2.3:a:cpanel:whm:62.0.12:*:*:*:*:*:*:*
cpanel whm 62.0.14 cpe:2.3:a:cpanel:whm:62.0.14:*:*:*:*:*:*:*

References for CVE-2017-11441

cvelogic Threat Intelligence