<<< Date Index >>>     <<< Thread Index >>>

cPanel 10 handle.html XSS Vulnerability



mime/handle.html (usually 
https://www.example.com/cpanel/frontend/x/mime/handle.html) of cPanel 10 is 
vulnerable to an XSS vulnerability. This can be leveraged by entering an 
injected html into the extension and/or mime-type specified. I sucesfully 
leveraged this issue causing the page to execute the code 
<script>alert('hi')</script> each time. I also got it to properly display an 
image with the img-src tag. This is semipermanent because it stays on the page 
after the URL is left.