CVE-2018-5962

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through v0.9.8.12

Description: The issue concerns an XSS vulnerability. It can be exploited via the id parameter to the phpini editor module or the email address parameter to the mail add-new module in the index.php file.

Recommendations: For versions through v0.9.8.12, avoid using the id parameter in the phpini editor module and the email address parameter in the mail add-new module until a fix is available. As a temporary workaround, consider restricting access to these modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.