CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-16295

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.9%

CVSS Severity

CVSS v3 Score 4.6

CVSS v2 Score 1.9

References

http://packetstormsecurity.com/files/154990/CWP-0.9.8.885-Cross-Site-Scripting.html
https://centos-webpanel.com/changelog-cwp7
http://packetstormsecurity.com/files/154990/CWP-0.9.8.885-Cross-Site-Scripting.html
https://centos-webpanel.com/changelog-cwp7

Products affected by CVE-2019-16295

Control-Webpanel » Webpanel » Version: 0.9.8.855

cpe:2.3:a:control-webpanel:webpanel:0.9.8.855

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16295

Products

Pricing

Contact Us