CPanel Filename Based Stored XSS up to v80 Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-12-08 | Type : webaps | Platform : php
This exploit / vulnerability CPanel Filename Based Stored XSS up to v80 is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...


[+] Title: cPanel Filename Based Stored XSS up to v80

[+] Vendor Homepage: cpanel.com

[+] Version: Up to v80.

[~] Description:
Attacker can run JavaScript codes on this page:
https://ip_or_domain:2083/cpsessXXXXXXXXXX/frontend/THEME/raw/index.html

[~] How to Reproduce:
Create a file as named with your javascript payload eg: <img src onerror=alert(2)> in /home/user/logs directory
and then run that link


Note: You cant create a file as named with slash character by this exploit.

This vulnerability is disclosed by cPanel Team's confirmation.

// for secure days...

CPanel Filename Based Stored XSS up to v80


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
CPanel Filename Based Stored XSS up to v80 Vulnerability / Exploit