id: CVE-2023-29489 info: name: cPanel - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. reference: - https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/ - https://nvd.nist.gov/vuln/detail/CVE-2023-29489 - https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-29489 cwe-id: CWE-79 epss-score: 0.00203 cpe: cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"cPanel" verified: true vendor: cpanel product: cpanel tags: cve,cve2023,cpanel,xss http: - method: GET path: - '{{BaseURL}}/cpanelwebcall/aaaaaaaaaaaa' matchers-condition: and matchers: - type: word part: body words: - 'aaaaaaaaaaaa' - 'Invalid webcall ID:' condition: and - type: status status: - 400