Attacker Value
Moderate
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
2

CVE-2023-29489

Disclosure Date: April 27, 2023
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.

Add Assessment

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very High
Technical Analysis

A cross-site scripting vulnerability was identified in Cpanel with the ability to be exploited without requiring authentication. Furthermore, the XSS vulnerability remains exploitable, even if the cPanel management ports (2080, 2082, 2083, 2086) are not exposed externally. This implies that if your website is managed through cPanel, it may be vulnerable to cross-site scripting on ports 80 and 443.

This vulnerability’s allows us to execute arbitrary JavaScript without the need for authentication on nearly all webserver ports when using cPanel in its default configuration. Even on ports 80 and 443, one can access the /cpanelwebcall/ directory since it is being proxied to the cPanel management ports by Apache.
Consequently, an attacker can not only target the cPanel management ports but also the applications running on ports 80 and 443.

CVSS V3 Severity and Metrics
Base Score:
6.1 Medium
Impact Score:
2.7
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None

General Information

Vendors

  • cpanel

Products

  • cpanel

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis