Researcher Finds XSS Vulnerabilities in cPanel & WHM 11.34

A detailed proof-of-concept has been published by the expert

By Eduard Kovacs on December 27th, 2012 15:28 GMT

Security researcher Christy Philip Mathew has identified cross-site scripting (XSS) vulnerabilities in cPanel & WHM 11.34, the latest version of the popular web hosting control panel.

Security holes have been found on the Basic cPanel & WHM Setup page, and on a couple of webpages of the X3 theme demo.

The expert has released a YouTube video along with a detailed proof-of-concept which he has published on The Hacker News.

He told me in an email that the vulnerability had been reported to CERT, but not to the vendor itself.

Mathew is not the only researcher to identify XSS flaws in cPanel. Earlier this week, Rafay Baloch discovered similar vulnerabilities.

“The vulnerability can be easily exploited and can be used to steal cookies, perform phishing attacks and other various attacks compromising the security of a user,” the expert wrote in the advisory he published.