CVE-2019-10893
CVE-2019-10893
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencepacketstormsecurity.com/files/152437/CentOS-Web-Panel-0.9.8.793-Free-0.9.8.753-Pro-Cross-Site-Scripting.htmlunverifiedcve_referencepacketstormsecurity.com/files/152437/centoswp098email-xss.txtunverifiedcve_referencewww.exploit-db.com/exploits/46669/unverifiedcve_referencewww.exploit-db.com/exploits/46669unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://forum.centos-webpanel.com/informations/http://packetstormsecurity.com/files/152437/CentOS-Web-Panel-0.9.8.793-Free-0.9.8.753-Pro-Cross-Site-Scripting.htmlhttps://packetstormsecurity.com/files/152437/centoswp098email-xss.txthttps://www.exploit-db.com/exploits/46669https://www.exploit-db.com/exploits/46669/http://www.securityfocus.com/bid/108035