| Title | Published | Views | Family |
|---|---|---|---|
| CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting Vulnerability | 9 Apr 2019 00:00 | – | zdt |
| CentOS Web Panel Cross-Site Scripting Vulnerability (CNVD-2019-12907) | 10 Apr 2019 00:00 | – | cnvd |
| CVE-2019-10893 | 18 Apr 2019 19:50 | – | cve |
| CVE-2019-10893 | 18 Apr 2019 19:50 | – | cvelist |
| EUVD-2019-2615 | 7 Oct 2025 00:30 | – | euvd |
| CentOS Web Panel 0.9.8.793 (Free) 0.9.8.753 (Pro) - Cross-Site Scripting | 8 Apr 2019 00:00 | – | exploitpack |
| CVE-2019-10893 | 18 Apr 2019 20:29 | – | nvd |
| CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) Cross Site Scripting | 8 Apr 2019 00:00 | – | packetstorm |
| Design/Logic Flaw | 18 Apr 2019 20:29 | – | prion |
# Exploit Title: CentOS Web Panel v0.9.8.793 (Free) and v0.9.8.753 (Pro) - Email Field Stored Cross-Site Scripting Vulnerability
# Google Dork: N/A
# Date: 06 - April - 2019
# Exploit Author: DKM
# Vendor Homepage: http://centos-webpanel.com
# Software Link: http://centos-webpanel.com
# Version: v0.9.8.793 (Free) and v0.9.8.753 (Pro)
# Tested on: CentOS 7
# CVE : CVE-2019-10893
# Description:
CentOS-WebPanel.com (aka CWP) CentOS Web Panel v0.9.8.793 (Free/Open Source version) and v0.9.8.753 (Pro) are vulnerable to stored (persistent) XSS in the Admin Email field on the "CWP Settings" > "Edit Settings" screen. Replacing the email address with an XSS payload and clicking Save Changes stores the payload, which then executes whenever the value is rendered back into the page.
# Steps to Reproduce:
1. Log in to CentOS Web Panel with admin credentials.
2. From the navigation menu, click "CWP Settings", then click "Edit Settings".
3. In the "Email Address" field, enter a simple payload such as <script>alert(1)</script> and click Save Changes.
4. The payload is stored and executes as soon as the page renders the saved value.
5. Root cause: the application neither checks that the submitted value is a valid email address nor sanitizes/escapes it before storing it and echoing it back into the page.
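The following Python model, added here as an illustration and not code from CWP (which is a PHP application) or from the advisory author, contrasts the behaviour described in the steps above with a hardened version. It keeps the advisory's <script>alert(1)</script> payload; the settings dictionary, the row markup, the email regex and the function names are all assumptions made for the example. It shows the two independent controls the root-cause note calls for: rejecting values that are not plausible email addresses on input, and HTML-escaping on output so that a payload already sitting in the database is still neutralised.

```python
import html
import re

# Constructed sample values for this example. The <script> payload is the one
# the advisory uses; the address and the settings layout are made up here.
PAYLOAD = "<script>alert(1)</script>"
VALID_EMAIL = "admin@example.com"

# Conservative address syntax: one local part, one dotted domain ending in an
# alphabetic TLD. Characters such as < > " ' / and whitespace cannot match,
# which is exactly what keeps markup out of the field.
EMAIL_RE = re.compile(
    r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$"
)


def save_settings_vulnerable(settings: dict, email: str) -> dict:
    """Model of the unpatched behaviour: the submitted value is stored as-is."""
    settings["admin_email"] = email
    return settings


def render_settings_vulnerable(settings: dict) -> str:
    """Model of the unpatched page: the stored value is echoed into HTML raw."""
    return f'<tr><td>Admin Email</td><td>{settings["admin_email"]}</td></tr>'


def is_valid_email(value: str) -> bool:
    """The input validation the advisory says is missing."""
    return len(value) <= 254 and EMAIL_RE.match(value) is not None


def save_settings_hardened(settings: dict, email: str) -> dict:
    """Layer 1: refuse anything that is not a plausible address before storing it."""
    if not is_valid_email(email):
        raise ValueError("admin_email must be a valid e-mail address")
    settings["admin_email"] = email
    return settings


def render_settings_hardened(settings: dict) -> str:
    """Layer 2: escape on output regardless of what is stored (defence in depth)."""
    return (
        "<tr><td>Admin Email</td><td>"
        + html.escape(settings["admin_email"], quote=True)
        + "</td></tr>"
    )


def payload_survives(rendered_html: str) -> bool:
    """Crude check used by the demo: did a raw <script> tag reach the page?"""
    return "<script>" in rendered_html.lower()


def demo() -> dict:
    """Run both paths against the payload and report what each one does."""
    results = {}

    # Unpatched path: the payload is stored and comes back as live markup.
    vulnerable = save_settings_vulnerable({}, PAYLOAD)
    results["vulnerable_executes"] = payload_survives(
        render_settings_vulnerable(vulnerable)
    )

    # Hardened path, layer 1: the payload never passes validation.
    try:
        save_settings_hardened({}, PAYLOAD)
        results["hardened_rejects"] = False
    except ValueError:
        results["hardened_rejects"] = True

    # Hardened path, layer 2: a payload already in the database is escaped on output.
    results["hardened_escapes_existing"] = not payload_survives(
        render_settings_hardened({"admin_email": PAYLOAD})
    )

    # A legitimate address still works end to end.
    ok = save_settings_hardened({}, VALID_EMAIL)
    results["valid_email_accepted"] = VALID_EMAIL in render_settings_hardened(ok)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Validation alone is not enough once a bad value has already been saved (or arrives through another code path that skips the form), which is why the hardened renderer escapes unconditionally rather than trusting the stored value.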