Reporter: Rafay Baloch
Discovered by: Rafay Baloch of RafayHackingArticles (RHA)
Cpanel's Latest Version
"Simple website management."
I have discovered a non-persistent Cross-Site Scripting (XSS) inside
the vulnerability can be easily exploited and can be used to steal cookies,
phishing attacks and other various attacks compromising the security of a
Proof of Concept
Log in to your CPanel account and navigate to the following link:
Now insert your XSS payload inside the Dir parameter.
Edit the source code to ensure that input is properly sanitized.
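
One way to apply that fix to a reflected directory parameter, as an added example that is not cPanel's code and not part of the original advisory. The function names, the `dir` query name, the allow-list and the HTML fragment are assumptions made for illustration: the value is validated against an allow-list first, and whatever passes is still encoded for the HTML context it is written into.

```python
import html
import posixpath
import re
from urllib.parse import quote

# Assumption: a directory value is a POSIX-style path relative to the
# account's home, built only from these characters.
_ALLOWED = re.compile(r"[A-Za-z0-9._/\- ]{1,255}")


class InvalidDir(ValueError):
    """Raised when the directory parameter fails allow-list validation."""


def validate_dir(raw: str) -> str:
    """Return a normalised relative path, or raise InvalidDir."""
    if not _ALLOWED.fullmatch(raw):
        raise InvalidDir("dir contains characters outside the allow-list")
    # Anchoring at "/" before normalising collapses any ".." at the root,
    # so the result cannot climb above the base directory.
    return posixpath.normpath("/" + raw).lstrip("/")


def render_listing_header(raw_dir: str) -> str:
    """Build the HTML fragment that echoes the directory back to the user."""
    try:
        d = validate_dir(raw_dir)
    except InvalidDir:
        # Rejected input is never echoed; a fixed message is shown instead.
        return '<p class="error">Invalid directory.</p>'
    # Encode per context: percent-encode for the URL, then HTML-escape
    # everything that lands in markup (element text and attribute value).
    text = html.escape(d, quote=True)
    href = html.escape("?dir=" + quote(d, safe="/"), quote=True)
    return f'<h2>Contents of <a href="{href}">/{text}</a></h2>'


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["public_html/images", '"><script>alert(1)</script>']:
        print(render_listing_header(sample))
```

Validation and output encoding are both kept on purpose: the allow-list can be loosened later (for example to permit more filename characters) without the page becoming injectable again.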