hackerone Rook1337 H1:1982630
History: May 10, 2023 - 11:36 p.m.

U.S. Dept Of Defense: CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman

2023-05-10 23:36:50
rook1337
hackerone.com
125
dept of defense
cross-site scripting
vulnerability
cpanel
auto update
cookies
hijack
browser session
security
update
bug bounty

EPSS: 0.004 (Low)
Percentile: 73.4%

Description:
There is a cross-site scripting vulnerability in the cPanel application hosted on the website. cPanel has not been updated because the auto-update feature is disabled.

Impact

An attacker can steal cookies or hijack the browser session.

System Host(s)

www.██████

Affected Product(s) and Version(s)

CVE Numbers

Steps to Reproduce

  1. Go to http://www.████/cpanelwebcall/%3Cimg%20src=x%20onerror=%22prompt(1)%22%3Eaaaaaaaaaaaa
  2. You will see the XSS popup message

Suggested Mitigation/Remediation Actions

Enable the auto-update feature and update cPanel
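A defender-side check for the issue above, added here as an example and not part of the report: it scans Apache-style access log lines for requests to the /cpanelwebcall/ path whose percent-decoded segment carries HTML markup, and it decodes repeatedly so a double-encoded copy of the same payload is caught too. The log lines and IP addresses are constructed for the example.

```python
"""Flag reflected-XSS probes against cPanel's /cpanelwebcall/ path (CVE-2023-29489)
in web-server access logs."""
import re
from urllib.parse import unquote

# Constructed Apache combined-format log lines (not taken from the report).
# Line 2 carries the same payload as line 1, percent-encoded twice.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2023:23:30:01 +0000] "GET /cpanelwebcall/%3Cimg%20src=x%20onerror=%22prompt(1)%22%3Eaaaaaaaaaaaa HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/May/2023:23:31:15 +0000] "GET /cpanelwebcall/%253Cimg%2520src%253Dx%2520onerror%253D%2522prompt(1)%2522%253E HTTP/1.1" 200 480 "-" "curl/8.0"
198.51.100.2 - - [10/May/2023:23:32:40 +0000] "GET /cpanelwebcall/legit HTTP/1.1" 404 220 "-" "Mozilla/5.0"
198.51.100.3 - - [10/May/2023:23:33:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# Coarse heuristic: an HTML tag opener or an on*= event-handler attribute.
MARKUP_RE = re.compile(r'<\s*[a-z]|\bon[a-z]+\s*=', re.IGNORECASE)


def decode_fully(s, max_rounds=3):
    """Percent-decode until stable so %253C -> %3C -> < is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def find_cpanelwebcall_probes(log_text):
    """Return (client_ip, decoded_path) for suspicious /cpanelwebcall/ requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group("path")
        if not path.startswith("/cpanelwebcall/"):
            continue
        decoded = decode_fully(path)
        if MARKUP_RE.search(decoded):
            hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for ip, path in find_cpanelwebcall_probes(SAMPLE_LOG):
        print(f"{ip}: {path}")
```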
