CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability

vendor:

CentOS Web Panel

by:

DKM

4.8

CVSS

MEDIUM

Stored/Persistent XSS

CWE

Product Name: CentOS Web Panel

Affected Version From: 0.9.8.789

Affected Version To: 0.9.8.789

Patch Exists: YES

Related CWE: CVE-2019-10261

CPE: a:centos-webpanel:centos_web_panel

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: CentOS 7

2019

CentOS Web Panel 0.9.8.789 – NameServer Field Stored Cross-Site Scripting Vulnerability

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.789 is vulnerable to Stored/Persistent XSS for the 'Name Server 1' and 'Name Server 2' fields via 'DNS Functions' for 'Edit Nameservers IPs' action. This is because the application does not properly sanitize the users input.

Mitigation:

Input validation and sanitization should be done to prevent XSS attacks.

Source

Exploit-DB raw data:

# Exploit Title: CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability
# Google Dork: N/A
# Date: 28 - March - 2019
# Exploit Author: DKM
# Vendor Homepage: http://centos-webpanel.com
# Software Link: http://centos-webpanel.com
# Version: 0.9.8.789
# Tested on: CentOS 7
# CVE : CVE-2019-10261

# Description:
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via "DNS Functions" for "Edit Nameservers IPs" action. This is because the application does not properly sanitize the users input.


# Steps to Reproduce:
1. Login into the CentOS Web Panel using admin credential.
2. From Navigation Click on "DNS Functions" -> then Click on "Edit Nameservers IPs"
3. In "Name Server 1" and "Name Server 2" field give simple payload as: <script>alert(1)</script> and Click Save Changes
4. Now one can see that the XSS Payload executed and even accessing the home page Stored XSS for nameservers executes.