Webpanel@* Security Vulnerabilities and Issues — Webpanel@* CVE List

Lucene search

Control-webpanelWebpanel*

4 matches found

CVE•added 2019/03/26 4:29 p.m.•58 views

CVE-2019-7646

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.

4.8CVSS4.8AI score0.00482EPSS

CVE•added 2019/12/17 4:15 p.m.•53 views

CVE-2019-14782

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the O...

6.5CVSS6.4AI score0.00419EPSS

CVE•added 2019/05/21 6:29 p.m.•45 views

CVE-2019-12190

XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.

5.4CVSS5.3AI score0.00206EPSS

CVE•added 2019/12/17 4:15 p.m.•36 views

CVE-2019-15235

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and p...

6.5CVSS6.6AI score0.00419EPSS