CVE-2023-29489

Name of the Vulnerable Software and Affected Versions cPanel versions prior to 11.109.9999.116 cPanel versions prior to 11.108.0.13 cPanel versions prior to 11.106.0.18 cPanel versions prior to 11.102.0.31

Description A reflected Cross-Site Scripting (XSS) vulnerability was discovered in cPanel. The issue occurs on the cpsrvd error page via an invalid webcall ID. This vulnerability can be exploited by a remote attacker to impact the confidentiality and integrity of protected information. There have been reports of hacktivists sharing attack methods and scripts to identify and exploit this vulnerability.

Recommendations For versions prior to 11.109.9999.116, update to version 11.109.9999.116 or later. For versions prior to 11.108.0.13, update to version 11.108.0.13 or later. For versions prior to 11.106.0.18, update to version 11.106.0.18 or later. For versions prior to 11.102.0.31, update to version 11.102.0.31 or later. As a temporary workaround, consider restricting access to the cpsrvd error page until a patch is available.