CVE-2019-10893

MEDIUM

CentOS Web Panel 0.9.8.793 Free and 0.9.8.753 Pro - Stored Cross-Site Scripting in Admin Email Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-10893. PoCs published by DKM.

AI-analyzed exploit summary: This is a writeup describing a stored XSS vulnerability in CentOS Web Panel versions v0.9.8.793 (Free) and v0.9.8.753 (Pro). The vulnerability allows an attacker to inject malicious JavaScript code into the admin email field, which executes when saved.

Description

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings" > "Edit Settings" screen. By changing the email ID to any XSS payload and clicking on Save Changes, the XSS payload will execute.

Exploits (1)

exploitdb WRITEUP
by DKM · text · webapps · linux
https://www.exploit-db.com/exploits/46669

Classification
Writeup 100%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: CentOS Web Panel v0.9.8.793 (Free) and v0.9.8.753 (Pro)
Auth required
Prerequisites: Admin credentials for CentOS Web Panel
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Vendor Advisory x_refsource_misc
http://forum.centos-webpanel.com/informations/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46669/
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/152437/centoswp098email-xss.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108035
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46669

Scores

CVSS v3 4.8
EPSS 0.0288
EPSS Percentile 85.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
centos-webpanel/centos_web_panel 0.9.8.753
centos-webpanel/centos_web_panel 0.9.8.793
Published Apr 18, 2019
Tracked Since Feb 18, 2026