CVE-2019-16295: XSS
First published: Thu Oct 31 2019(Updated: )
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CWP Control Web Panel | =0.9.8.855 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-16295.
What is the title of this vulnerability?
The title of this vulnerability is 'Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists vi...'.
What is the severity of CVE-2019-16295?
The severity of CVE-2019-16295 is medium with a severity value of 4.6.
What is the affected software for CVE-2019-16295?
The affected software for CVE-2019-16295 is Control-webpanel Webpanel version 0.9.8.855.
How can this vulnerability be exploited?
This vulnerability can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/control-webpanel
- canonical/cwp control web panel
- version/cwp control web panel/0.9.8.855