CVE-2019-13387

Name of the Vulnerable Software and Affected Versions CentOS Web Panel version 0.9.8.846

Description The issue allows attackers to steal a cookie or session, or redirect to a phishing website through Reflected XSS in the filemanager2.php file, specifically targeting the fm current dir parameter. This can lead to unauthorized access or further malicious activities.

Recommendations For version 0.9.8.846, consider disabling access to the filemanager2.php file or restricting the use of the fm current dir parameter until a patch is available. Additionally, restrict access to sensitive areas of the web panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.