CVE-2019-10893 (centos_web_panel) (aka CWP) CentOS Web Panel (Free/Open Source Version) and (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the “CWP Settings > “Edit Settings” screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.
Source: NIST
CVE-2019-10893 (centos_web_panel)

Leave a Reply

Your email address will not be published. Required fields are marked *