CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) Cross Site Scripting

`# Exploit Title: CentOS Web Panel v0.9.8.793 (Free) and v0.9.8.753 (Pro) - Email Field Stored Cross-Site Scripting Vulnerability  
# Google Dork: N/A  
# Date: 06 - April - 2019  
# Exploit Author: DKM  
# Vendor Homepage: http://centos-webpanel.com  
# Software Link: http://centos-webpanel.com  
# Version: v0.9.8.793 (Free) and v0.9.8.753 (Pro)  
# Tested on: CentOS 7  
# CVE : CVE-2019-10893  
  
# Description:  
CentOS-WebPanel.com (aka CWP) CentOS Web Panel v0.9.8.793 (Free/Open Source Version) and v0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.  
  
# Steps to Reproduce:  
1. Login into the CentOS Web Panel using admin credential.  
2. From Navigation Click on "CWP Settings then Click on "Edit Settings"  
3. In "Email Address" field give simple payload as: <script>alert(1)</script> and Click Save Changes  
4. Now one can see that the XSS Payload executed.  
5. The application does not properly sanitize the user input even does not validation/check the user input is valid email id or not.  
`