packetstorm | DKM | PACKETSTORM:151630
History: Feb 12, 2019 - 12:00 a.m.

CentOS Web Panel 0.9.8.763 Cross Site Scripting

2019-02-12 00:00:00
DKM
packetstormsecurity.com

EPSS: 0.002 (Low), percentile 53.4%

`# Exploit Title: CentOS Web Panel 0.9.8.763 - Stored Cross-Site Scripting Vulnerability  
# Google Dork: N/A  
# Date: 10 - January - 2019  
# Exploit Author: DKM  
# Vendor Homepage: http://centos-webpanel.com  
# Software Link: http://centos-webpanel.com  
# Version: v0.9.8.763   
# Tested on: CentOS 7  
# CVE : CVE-2019-7646  
  
# Description:  
A stored cross-site scripting vulnerability exists in the "Package Name" field of the 'Add a Package (add_package)' module, because the application does not properly sanitize user input.  
  
  
# Steps to Reproduce:  
1. Log in to the CentOS Web Panel using admin credentials.  
2. From the navigation, click "Packages", then click "Add a Package".  
3. In the "Package Name" field, enter the payload <script>alert(1)</script>, provide the other details, and click "Create".  
4. From the navigation, click "Packages" again, then click "List Packages".  
5. The XSS payload now executes.  
  
`
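
The fix for this class of bug, as an added example that is not CentOS Web Panel's code (the advisory does not show any): the unencoded-output pattern described above next to an output-encoded version, plus an allowlist check before the name is stored. The function names, the table markup, and the allowed character set and length are assumptions.

```php
<?php
// Added illustration. Function names and row markup are hypothetical,
// not taken from CentOS Web Panel.

// Vulnerable pattern: the stored package name is concatenated into the
// "List Packages" HTML exactly as it was submitted.
function render_row_unsafe(string $packageName): string
{
    return '<tr><td>' . $packageName . '</td></tr>';
}

// Hardened: encode at output time for the HTML context, so markup
// characters in the stored value are rendered as text, not parsed.
function render_row_safe(string $packageName): string
{
    $encoded = htmlspecialchars($packageName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $encoded . '</td></tr>';
}

// Defense in depth: allowlist validation before the name is stored.
// The permitted characters and the 64-character limit are assumptions.
function is_valid_package_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9 _.-]{0,63}\z/', $name) === 1;
}

// Constructed sample inputs; the second is the test string from the advisory.
$samples = ['basic-plan', '<script>alert(1)</script>'];

foreach ($samples as $name) {
    printf("input:   %s\n", $name);
    printf("valid:   %s\n", is_valid_package_name($name) ? 'yes' : 'no');
    printf("unsafe:  %s\n", render_row_unsafe($name));
    printf("encoded: %s\n\n", render_row_safe($name));
}
```

Output encoding is the primary control because it also covers names already stored before validation was introduced; the allowlist only stops new bad values from being saved.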
