Discovered by: Rafay Baloch of RafayHackingArticles(RHA)
Cpanel's Latest Version
"Simple website management."
I have discsovered a non persistent Cross site scripting (XSS) inside
Cpanel, the vulnerability can be easily exploited and can be used to steal cookies,
perform phishing attacks and other various attacks compromising the security of a
Proof of Concept
Log into your CPanel accoutn and navigate to the following link:
Now insert your xss payload inside Dir parameter.
Edit the source code to ensure that input is properly sanitized.