CVE-2019-10261

Name of the Vulnerable Software and Affected Versions CentOS Web Panel version 0.9.8.789

Description The issue concerns a Stored/Persistent XSS vulnerability in the DNS Functions component of the application, specifically affecting the "Name Server 1" and "Name Server 2" fields via the "Edit Nameservers IPs" action. This vulnerability can be exploited by a remote attacker to perform cross-site scripting.

Recommendations For CentOS Web Panel version 0.9.8.789, as a temporary workaround, consider restricting access to the DNS Functions component, specifically the "Edit Nameservers IPs" action, to minimize the risk of exploitation. Avoid using the Name Server 1 and Name Server 2 fields in the affected DNS Functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.