CVE-2019-10893
CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting
Public Exploits: 1
Exploited in Wild: -
Descriptions
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) are vulnerable to Stored/Persistent XSS in the Admin Email fields on the "CWP Settings" > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.
CentOS-WebPanel.com (also known as CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to stored/persistent Cross-Site Scripting (XSS) in the "Admin Email" field on the "CWP Settings" > "Edit Settings" screen. Changing the email ID to any XSS payload and clicking "Save Changes" executes the XSS payload.
CentOS Web Panel versions 0.9.8.793 (Free) and 0.9.8.753 (Pro) suffer from a persistent cross-site scripting vulnerability in the email field.
Timeline
- 2019-04-05 CVE Reserved
- 2019-04-08 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-08 EPSS Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (5)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/152437/CentOS-Web-Panel-0.9.8.793-Free-0.9.8.753-Pro-Cross-Site-Scripting.html | Third Party Advisory | |
http://www.securityfocus.com/bid/108035 | Third Party Advisory | |
https://packetstormsecurity.com/files/152437/centoswp098email-xss.txt | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/46669 | 2024-08-04 | |

URL | Date | SRC |
---|---|---|
http://forum.centos-webpanel.com/informations | 2019-05-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Centos-webpanel | Centos Web Panel | 0.9.8.753 | pro | Affected |
Centos-webpanel | Centos Web Panel | 0.9.8.793 | free | Affected |