CVE-2019-7646

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions CentOS Web Panel versions through 0.9.8.763

Description The issue concerns a Stored/Persistent XSS vulnerability. It affects the add package module, specifically the Package Name field. This allows for potential exploitation via the module parameter.

Recommendations For versions through 0.9.8.763, as a temporary workaround, consider restricting access to the add package module until a patch is available. Avoid using the Package Name field in the affected module to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-7646

Affected Products

Centos Web Panel

CVE-2019-7646

Weakness Enumeration

Related Identifiers

Affected Products

References · 5