CVE-2023-29489
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-29489
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cpanel 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cpanel是美国Cpanel公司的一套基于Web的自动化主机托管平台。该平台主要用于自动化管理网站和服务器。 Cpanel 11.109.9999.116之前版本存在安全漏洞。攻击者利用该漏洞可以执行跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2023-29489
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Nuclei template for CVE-2023-29489 | https://github.com/learnerboy88/CVE-2023-29489 | POC Details |
| 2 | None | https://github.com/xKore123/cPanel-CVE-2023-29489 | POC Details |
| 3 | a pyhton script to test all results from shodan for cPanel CVE-2023-29489, credits to @assetnote, I just automate | https://github.com/ipk1/CVE-2023-29489.py | POC Details |
| 4 | None | https://github.com/Mostafa-Elguerdawi/CVE-2023-29489.yaml | POC Details |
| 5 | None | https://github.com/Mostafa-Elguerdawi/CVE-2023-29489 | POC Details |
| 6 | Scanner CVE-2023-29489 Python (Selenium) | https://github.com/haxor1337x/Scanner-CVE-2023-29489 | POC Details |
| 7 | To filter the actual vulnerable URLs from the screenshots, you can use the ee.sh script. Simply run ./ee.sh -f "path/to/index_screenshot.txt" -k "hacked" and the script will filter the URLs that contain the reflective XSS payload (For Example: cPanel CVE-2023-29489 ) in their screenshots. | https://github.com/whalebone7/EagleEye | POC Details |
| 8 | CVE-2023-29489 mass exploit | https://github.com/1337r0j4n/CVE-2023-29489 | POC Details |
| 9 | CVE-2023-29489-XSS | https://github.com/Abdullah7-ma/CVE-2023-29489 | POC Details |
| 10 | None | https://github.com/tucommenceapousser/CVE-2023-29489 | POC Details |
| 11 | None | https://github.com/tucommenceapousser/CVE-2023-29489.py | POC Details |
| 12 | Mass Exploitation For (CVE-2023-29489) | https://github.com/ViperM4sk/cpanel-xss-177 | POC Details |
| 13 | None | https://github.com/S4muraiMelayu1337/CVE-2023-29489 | POC Details |
| 14 | SynixCyberCrimeMY CVE-2023-29489 Scanner By SamuraiMelayu1337 & h4zzzzzz@scc | https://github.com/SynixCyberCrimeMy/CVE-2023-29489 | POC Details |
| 15 | None | https://github.com/Makurorororororororo/Validate-CVE-2023-29489-scanner- | POC Details |
| 16 | This Tool is used to check for CVE-2023-29489 Vulnerability in the provided URL with the set of payloads available | https://github.com/prasad-1808/tool-29489 | POC Details |
| 17 | None | https://github.com/Praveenms13/CVE-2023-29489 | POC Details |
| 18 | cpanel_xss_2023 is a simple Python script designed for finding CVE-2023-29489 vulnerability in cpanel. | https://github.com/mdaseem03/cpanel_xss_2023 | POC Details |
| 19 | # CVE-2023-29489 exploit | https://github.com/some-man1/CVE-2023-29489 | POC Details |
| 20 | An issue was discovered in cPanel before 11.109.9999.116. Cross-Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. | https://github.com/Cappricio-Securities/CVE-2023-29489 | POC Details |
| 21 | None | https://github.com/md-thalal/CVE-2023-29489 | POC Details |
| 22 | Mass Scaning vulnerability in Cpanel [XSS] | https://github.com/0-d3y/CVE-2023-29489 | POC Details |
| 23 | An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-29489.yaml | POC Details |
| 24 | None | https://github.com/Thuankobtcode/CVE-2023-29489 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-29489
请登录查看更多情报信息。
Same Patch Batch · n/a · 2023-04-27 · 22 CVEs total
| CVE-2023-30349 | jfinal cms 安全漏洞 | |
| CVE-2023-25292 | Intermesh BV Group Office 跨站脚本漏洞 | |
| CVE-2023-26243 | Hyundai Gen5W_L 安全漏洞 | |
| CVE-2023-26244 | Hyundai Gen5W_L 安全漏洞 | |
| CVE-2023-26245 | Hyundai Gen5W_L 安全漏洞 | |
| CVE-2023-26246 | Hyundai Gen5W_L 安全漏洞 | |
| CVE-2022-47758 | Nanoleaf firmware 信任管理问题漏洞 | |
| CVE-2023-31285 | Serenity Serene 跨站脚本漏洞 | |
| CVE-2023-31286 | Serenity Serene 安全漏洞 | |
| CVE-2023-31287 | Serenity Serene 授权问题漏洞 | |
| CVE-2023-31290 | Trust Wallet Core 安全特征问题漏洞 | |
| CVE-2023-30380 | Desdev DedeCMS 路径遍历漏洞 | |
| CVE-2023-30338 | Emlog 跨站脚本漏洞 | |
| CVE-2022-31647 | Docker Desktop 后置链接漏洞 | |
| CVE-2022-34292 | Docker Desktop 后置链接漏洞 | |
| CVE-2022-37326 | Docker Desktop 安全漏洞 | |
| CVE-2022-38730 | Docker Desktop 安全漏洞 | |
| CVE-2023-29950 | swfrender 缓冲区错误漏洞 | |
| CVE-2022-25091 | Infopop Ultimate Bulletin Board 安全漏洞 | |
| CVE-2023-25437 | Vtech VCS754 安全漏洞 |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2023-29489
No comments yet