CVE-2019-10261

MEDIUM

CentOS Web Panel 0.9.8.789 - Stored Cross-Site Scripting via DNS Nameserver Fields

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-10261. PoCs published by DKM.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in CentOS Web Panel 0.9.8.789, where the 'Name Server 1' and 'Name Server 2' fields in the 'Edit Nameservers IPs' section fail to sanitize user input, allowing arbitrary JavaScript execution.

Description

CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.

Exploits (1)

exploitdb WRITEUP
by DKM · textwebappslinux
https://www.exploit-db.com/exploits/46629

This is a writeup describing a stored XSS vulnerability in CentOS Web Panel 0.9.8.789, where the 'Name Server 1' and 'Name Server 2' fields in the 'Edit Nameservers IPs' section fail to sanitize user input, allowing arbitrary JavaScript execution.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: CentOS Web Panel 0.9.8.789
Auth required
Prerequisites: Admin credentials for CentOS Web Panel
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46629
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107769

Scores

CVSS v3 4.8
EPSS 0.0238
EPSS Percentile 81.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
centos-webpanel/centos_web_panel 0.9.8.789
Published Apr 03, 2019
Tracked Since Feb 18, 2026