
CentOS Web Panel Stored XSS

v0.9.8.763 or Below Stored XSS Vulnerability

Description:

A Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the "Package Name" field of the "Add a Package (add_package)" module of CentOS Web Panel. The application does not properly sanitize user input in this field, and the stored value is later rendered in the "List Packages" view.
(Product homepage: http://centos-webpanel.com/features )

Steps to Reproduce:

1. Log in to the CentOS Web Panel using admin credentials.
2. From the navigation, click "Packages", then click "Add a Package".
3. In the "Package Name" field, enter a simple alert XSS payload, fill in the other details, then click Save/Create.
4. From the navigation, click "Packages" again, then click "List Packages".
5. The stored XSS payload now triggers, confirming the presence of Stored XSS.
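As an added illustration that is not part of this advisory or of CWP's own code, the following Python models the flaw described above (a stored package name interpolated unescaped into the "List Packages" HTML) beside the two defender-side controls a fix would need: an allowlist check on the name at input time and HTML output encoding at render time. The allowlist policy, function names and the sample stored values are assumptions constructed for the example.

```python
import html
import re

# Assumed allowlist for package names (letters, digits, dot, dash, underscore,
# 1-64 characters). This is an example policy, not CWP's actual validation.
PACKAGE_NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def validate_package_name(name: str) -> bool:
    """Input-side control: reject anything that is not a plain identifier."""
    return bool(PACKAGE_NAME_RE.fullmatch(name))


def render_row_vulnerable(name: str) -> str:
    """Mirrors the advisory's flaw: the stored value is placed into the
    'List Packages' markup verbatim, so any tags in it become live HTML."""
    return f"<tr><td>{name}</td></tr>"


def render_row_hardened(name: str) -> str:
    """Output-side control: HTML-encode at the point the value enters HTML.
    quote=True also encodes quotes, so the result is safe in attributes too."""
    return f"<tr><td>{html.escape(name, quote=True)}</td></tr>"


def render_package_list(names, hardened: bool = True) -> str:
    """Build the package table either the vulnerable way or the hardened way."""
    row = render_row_hardened if hardened else render_row_vulnerable
    return "<table>" + "".join(row(n) for n in names) + "</table>"


def audit_stored_names(names):
    """Detection pass over values already in the database: returns the names
    that fail the allowlist and therefore need review or clean-up."""
    return [n for n in names if not validate_package_name(n)]


# Constructed sample of what the package store might hold: one benign name and
# one containing the kind of simple alert payload the advisory refers to.
STORED_PACKAGE_NAMES = ["basic-hosting", "<script>alert(1)</script>"]

if __name__ == "__main__":
    print(render_package_list(STORED_PACKAGE_NAMES, hardened=False))
    print(render_package_list(STORED_PACKAGE_NAMES, hardened=True))
    print(audit_stored_names(STORED_PACKAGE_NAMES))
```

The hardened renderer alone stops the script from executing; the allowlist additionally keeps such values out of the store so they cannot reach any other, unescaped rendering path.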

CVE ID:

CVE-2019-7646

Release Date:

2019-01-10

Vulnerability Class:

Cross Site Scripting - Persistent

Abstract Advisory Information:

Dinesh Kumar Mohanty discovered a Stored XSS vulnerability in CentOS Web Panel v0.9.8.763.

Discovery Status:

Published

Affected Product(s):

CentOS Web Panel (CWP) 0.9.8.763

Exploitation Technique:

Remote

Severity Level:

Medium

Authentication Type:

Restricted authentication - User privileges

Exploit DB URL:

https://www.exploit-db.com/exploits/46349