CentOS Web Panel Domain Field Cross Site Scripting

🗓️ 01 May 2019 00:00:00Reported by DKMType

packetstorm🔗 packetstormsecurity.com👁 31 Views

CentOS Web Panel 0.9.8.793 (Free)/0.9.8.753/0.9.8.807 (Pro) Reflected XSS Vulnerabilit

Reporter	Title	Published	Views	Family All 9
CVE	CVE-2019-11429	13 May 201914:44	–	cve
Cvelist	CVE-2019-11429	13 May 201914:44	–	cvelist
Exploit DB	CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting	1 May 201900:00	–	exploitdb
EUVD	EUVD-2019-3104	7 Oct 202500:30	–	euvd
exploitpack	CentOS Web Panel 0.9.8.793 (Free) v0.9.8.753 (Pro) 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting	1 May 201900:00	–	exploitpack
NVD	CVE-2019-11429	13 May 201915:29	–	nvd
OSV	CVE-2019-11429	13 May 201915:29	–	osv
Prion	Design/Logic Flaw	13 May 201915:29	–	prion
Positive Technologies	PT-2019-12308 · Centos · Centos Web Panel	13 May 201900:00	–	ptsecurity

`# Exploit Title: CentOS Web Panel - Domain Field (Add DNS Zone) Cross-Site Scripting Vulnerability  
# Google Dork: N/A  
# Date: 22 - April - 2019  
# Exploit Author: DKM  
# Vendor Homepage: http://centos-webpanel.com  
# Software Link: http://centos-webpanel.com  
# Version: v0.9.8.793 (Free), v0.9.8.753 (Pro) and 0.9.8.807 (Pro)  
# Tested on: CentOS 7  
# CVE : CVE-2019-11429  
  
# Description:  
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.  
  
# Steps to Reproduce:  
1. Login into the CentOS Web Panel using admin credential.  
2. From Navigation Click on "DNS Functions" > "Add DNS Zone"  
3. In "Domain" field give simple payload as: "<script>alert(1)</script>//" , fill other details like IP and Admin Email and Click "Add DNS zone"  
4. Now one can see that the XSS Payload executed.  
`

01 May 2019 00:00Current

0.3Low risk

Vulners AI Score0.3

EPSS0.00294