CVE-2019-11429
MEDIUMCentOS-WebPanel.com <0.9.8.793,0.9.8.753,0.9.8.807 - XSS
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2019-11429. PoCs published by DKM.
AI-analyzed exploit summary This is a writeup describing a reflected XSS vulnerability in CentOS Web Panel's 'Add DNS Zone' feature. The vulnerability allows execution of arbitrary JavaScript via the 'Domain' field.
Description
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
Exploits (1)
exploitdb
WRITEUP
by DKM · textwebappslinux
https://www.exploit-db.com/exploits/46784
This is a writeup describing a reflected XSS vulnerability in CentOS Web Panel's 'Add DNS Zone' feature. The vulnerability allows execution of arbitrary JavaScript via the 'Domain' field.
Classification
Writeup 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
CentOS Web Panel v0.9.8.793 (Free), v0.9.8.753 (Pro), and 0.9.8.807 (Pro)
Auth required
Prerequisites:
Valid admin credentials for CentOS Web Panel
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://CentOS-WebPanel.com
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/46784/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/152696/CentOS-Web-Panel-Domain-Field-Cross-Site-Scripting.html
Scores
CVSS v3
4.8
EPSS
0.0591
EPSS Percentile
92.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
control-webpanel/webpanel
0.9.8.753
control-webpanel/webpanel
0.9.8.793
control-webpanel/webpanel
0.9.8.807
Published
May 13, 2019
Tracked Since
Feb 18, 2026