Vulnerability Details CVE-2019-10893
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.0%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://forum.centos-webpanel.com/informations/
- http://packetstormsecurity.com/files/152437/CentOS-Web-Panel-0.9.8.793-Free-0.9.8.753-Pro-Cross-Site-Scripting.html
- http://www.securityfocus.com/bid/108035
- https://packetstormsecurity.com/files/152437/centoswp098email-xss.txt
- https://www.exploit-db.com/exploits/46669
- https://www.exploit-db.com/exploits/46669/
- http://forum.centos-webpanel.com/informations/
- http://packetstormsecurity.com/files/152437/CentOS-Web-Panel-0.9.8.793-Free-0.9.8.753-Pro-Cross-Site-Scripting.html
- http://www.securityfocus.com/bid/108035
- https://packetstormsecurity.com/files/152437/centoswp098email-xss.txt
- https://www.exploit-db.com/exploits/46669
- https://www.exploit-db.com/exploits/46669/
Products affected by CVE-2019-10893
-
cpe:2.3:o:centos-webpanel:centos_web_panel:0.9.8.753
-
cpe:2.3:o:centos-webpanel:centos_web_panel:0.9.8.793