CVE-2023-29489

MEDIUM NUCLEI

cPanel < 11.102.0.31 - Cross-Site Scripting via Invalid Webcall ID

Exploitation Summary

EIP tracks 19 public exploits for CVE-2023-29489. PoCs published by 0-d3y, whalebone7, mdaseem03. A Nuclei detection template is also available.

Description

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.

Exploits (19)

nomisec SCANNER 12 stars
by 0-d3y · poc
https://github.com/0-d3y/CVE-2023-29489

This repository contains a Python-based scanner for CVE-2023-29489, an XSS vulnerability in cPanel. The script automates the detection of vulnerable hosts by injecting an XSS payload and checking for its execution.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel
No auth needed
Prerequisites: list of target URLs · Python 3.6+ · requests · BeautifulSoup · shodan · pystyle
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 7 stars
by whalebone7 · poc
https://github.com/whalebone7/EagleEye

The repository provides a Bash script (`ee.sh`) that automates the detection of XSS vulnerabilities by analyzing screenshots taken by HTTPX for the presence of a specified keyword (e.g., an XSS payload). It uses Tesseract OCR to extract text from screenshots and filters URLs where the keyword is found.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Web applications (generic, no specific version)
No auth needed
Prerequisites: HTTPX with `-ss` option · Tesseract OCR installed · List of URLs with potential XSS payloads
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 4 stars
by mdaseem03 · poc
https://github.com/mdaseem03/cpanel_xss_2023

This repository contains a Python-based scanner for detecting CVE-2023-29489, an XSS vulnerability in cPanel. It includes functionality for scanning single or multiple URLs, logging results, and sending Telegram notifications.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel
No auth needed
Prerequisites: Python 3.x · requests library · click library · PyYAML library
devstral-2 · analyzed Feb 16, 2026

nomisec STUB 3 stars
by xKore123 · poc
https://github.com/xKore123/cPanel-CVE-2023-29489

The repository contains only a README.md file with a placeholder for an XSS payload related to CVE-2023-29489 in cPanel, but no actual exploit code or details are provided.

Classification: Stub 30%
Attack Type: XSS
Complexity: Theoretical
Reliability: Theoretical
Target: cPanel (version not specified)
No auth needed
Prerequisites: none specified
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 2 stars
by Makurorororororororo · poc
https://github.com/Makurorororororororo/Validate-CVE-2023-29489-scanner-

This repository contains a Python-based scanner for detecting CVE-2023-29489, an XSS vulnerability in cPanel's webcall feature. It uses Selenium to automate browser interactions and check for vulnerability by injecting an XSS payload.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: cPanel (version not specified)
No auth needed
Prerequisites: Python 3.10+ · Selenium · Google Chrome · list of target IPs/URLs
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 2 stars
by ipk1 · poc
https://github.com/ipk1/CVE-2023-29489.py

This script scans for CVE-2023-29489, a reflected XSS vulnerability in cPanel, by leveraging Shodan to find cPanel hosts and testing them with a crafted payload. It checks for the presence of the injected XSS payload in the response.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: cPanel (version not specified)
No auth needed
Prerequisites: Shodan API key · Network access to target hosts
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 1 stars
by Thuankobtcode · poc
https://github.com/Thuankobtcode/CVE-2023-29489

This repository contains a Python-based scanner for detecting CVE-2023-29489, an XSS vulnerability in cPanel. The tool checks for the presence of the vulnerability by sending crafted requests to a list of target websites and logs vulnerable URLs.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel (versions prior to the patched release)
No auth needed
Prerequisites: List of target websites in a text file
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2023-29489

This repository contains a Python-based scanner for detecting CVE-2023-29489, a vulnerability in an unspecified target software. The tool checks for the presence of a specific error message in HTTP responses to identify vulnerable endpoints.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Unspecified (likely a web application with a specific endpoint vulnerability)
No auth needed
Prerequisites: Network access to the target web application · Python 3 environment
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by md-thalal · poc
https://github.com/md-thalal/CVE-2023-29489

This repository contains a Python-based scanner for detecting CVE-2023-29489, a reflected XSS vulnerability in cPanel. The tool checks for the presence of the vulnerability by sending crafted requests and analyzing responses for the XSS payload.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel before 11.109.9999.116
No auth needed
Prerequisites: Network access to the target cPanel instance
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by some-man1 · poc
https://github.com/some-man1/CVE-2023-29489

This script scans a list of websites for CVE-2023-29489, an XSS vulnerability in cPanel's webcall endpoint. It checks for the presence of an HTTP 400 error and logs vulnerable targets.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel (version not specified)
No auth needed
Prerequisites: List of target URLs
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by prasad-1808 · poc
https://github.com/prasad-1808/tool-29489

This repository contains a Python-based scanner tool designed to detect CVE-2023-29489, an XSS vulnerability in cPanel before 11.109.9999.116. The tool sends HTTP requests with a specific payload to check for the presence of the vulnerability.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel before 11.109.9999.116
No auth needed
Prerequisites: Python 3.x · requests library
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by SynixCyberCrimeMy · poc
https://github.com/SynixCyberCrimeMy/CVE-2023-29489

This repository contains a scanner for CVE-2023-29489, which targets a reflected XSS vulnerability in cPanel. The script uses Selenium to automate browser interactions and checks for the presence of a specific alert text to determine vulnerability.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: cPanel (version not specified)
No auth needed
Prerequisites: List of target URLs in 'url.txt' · Selenium WebDriver and Chrome browser installed
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by S4muraiMelayu1337 · poc
https://github.com/S4muraiMelayu1337/CVE-2023-29489

This repository contains a Python-based scanner for CVE-2023-29489, which checks for the presence of a reflected XSS vulnerability in cPanel's webcall endpoint. It reads a list of target URLs, tests each for vulnerability, and logs vulnerable endpoints to a file.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel (specific version not specified)
No auth needed
Prerequisites: List of target URLs in a text file · Python 3 with required libraries (requests, colorama)
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by ViperM4sk · poc
https://github.com/ViperM4sk/cpanel-xss-177

This repository contains a Python script that exploits CVE-2023-29489, a reflected XSS vulnerability in cPanel versions 11.102.0.x < 11.102.0.31, 11.106.0.x < 11.106.0.x, 11.108.0.x < 11.108.0.13, and 11.109.9999.x < 11.109.9999.116. The script generates a malicious payload to trigger the XSS via a crafted web call ID request.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel (versions 11.102.0.x < 11.102.0.31, 11.106.0.x < 11.106.0.x, 11.108.0.x < 11.108.0.13, 11.109.9999.x < 11.109.9999.116)
No auth needed
Prerequisites: Access to a vulnerable cPanel instance · Ability to craft and send a malicious URL to a victim
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by tucommenceapousser · poc
https://github.com/tucommenceapousser/CVE-2023-29489.py

This script scans for CVE-2023-29489, a reflected XSS vulnerability in cPanel, by leveraging Shodan to find cPanel hosts and testing them with a crafted payload. It checks for the presence of an injected img tag with an onerror handler.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: cPanel (version not specified)
No auth needed
Prerequisites: Shodan API key · Network access to target hosts
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by tucommenceapousser · poc
https://github.com/tucommenceapousser/CVE-2023-29489

This script is a mass scanner for CVE-2023-29489, which exploits an XSS vulnerability in cPanel by injecting an img tag with an onerror event. It checks if the target is vulnerable by verifying the presence of the injected payload in the response.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel (version not specified)
No auth needed
Prerequisites: List of target URLs in a text file
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by Mostafa-Elguerdawi · poc
https://github.com/Mostafa-Elguerdawi/CVE-2023-29489

This YAML file is a Nuclei template designed to detect CVE-2023-29489, a reflected XSS vulnerability in cPanel. It sends a crafted GET request to the vulnerable endpoint and checks for the presence of the injected payload in the response.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel (version not specified)
No auth needed
Prerequisites: Access to the cPanel web interface
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by learnerboy88 · poc
https://github.com/learnerboy88/CVE-2023-29489

This YAML file is a Nuclei template designed to detect the presence of CVE-2023-29489, a reflected XSS vulnerability in cPanel. It sends a crafted GET request to the target URL and checks for the presence of the injected payload in the response.

Classification: Scanner 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: cPanel (versions affected by CVE-2023-29489)
No auth needed
Prerequisites: Access to the cPanel web interface
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

cPanel < 11.109.9999.116 - Cross-Site Scripting
MEDIUM · VERIFIED · by DhiyaneshDk, 0xKayala
Shodan: title:"cPanel" || http.title:"cpanel" || cpe:"cpe:2.3:a:cpanel:cpanel" || http.title:"cpanel - api codes"
FOFA: title="cpanel - api codes" || title="cpanel"

Scores

CVSS v3 5.3
EPSS 0.6553
EPSS Percentile 99.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (1)
cpanel/cpanel < 11.102.0.31
Published Apr 27, 2023
Tracked Since Feb 18, 2026