Description:
There is a cross-site scripting vulnerability found on cpanel application hosted on the website. Cpanel is not updated because auto update feature is disabled.
An attacker can steal cookies or hijack browser session.
www.██████
http://www.████/cpanelwebcall/%3Cimg%20src=x%20onerror=%22prompt(1)%22%3Eaaaaaaaaaaaa
Enable autoupdate feature and update cpanel