cPanel 10.9.x - XSS in cPanel Pro
DESCRIPTION
A forgotten XSS issue was found in one of the scripts included with cPanel Pro:
https://example.com:2083/frontend/x3/cpanelpro/
The script was possibly one of the following:
bluelagoon.html changestatus.html convert.html doconvert.html doscale.html dothumbdir.html editlists.html editmsgs.html filelist-convert.html filelist-scale.html filelist-thumbs.html forwardlist.html ignorelist.html images.html manage.html msgaction.html saveconf.html savefile.html scale.html submitsupport.html support.html thumbdir.html whitelist.html
IMPACT
A local cPanel user with JavaScript enabled in their web browser could potentially be tricked into issuing a request to cPanel. Also, if cookie auth for cPanel/WHM is enabled (skiphttpauth=1 in /var/cpanel/cpanel.config), that user's cookie could potentially be stolen and used to log into that user's cPanel account. Cookie-based auth is not enabled by default.
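To see whether a server has the cookie-auth setting named above, an administrator can read the config file directly. The script below is an added example, not part of the original advisory or of cPanel; the function name and the tolerant parsing rules (key=value lines, `#` comments, last occurrence wins, whitespace ignored) are assumptions.

```shell
#!/bin/sh
# Added example: report whether cookie auth is switched on in a cPanel
# config file. Parsing is deliberately lenient so that a stray space or
# CR does not hide an enabled setting from the audit.

# cookie_auth_state FILE -> prints "enabled", "disabled" or "unreadable"
cookie_auth_state() {
    conf=$1
    [ -r "$conf" ] || { echo unreadable; return 0; }
    # Value of the last non-comment skiphttpauth line, whitespace removed.
    val=$(awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t\r]/, "", key) }
        key == "skiphttpauth" { v = $2; gsub(/[ \t\r]/, "", v); found = v }
        END { print found }
    ' "$conf")
    # A missing key is the default, which the advisory says is not enabled.
    if [ "$val" = "1" ]; then echo enabled; else echo disabled; fi
}

# Constructed sample config (not taken from a real server) for an offline run.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'example_other_key=0' ' skiphttpauth = 1 ' > "$sample"
echo "sample file: $(cookie_auth_state "$sample")"
rm -f "$sample"

# Path from the advisory; reports "unreadable" on a host without cPanel.
echo "live file:   $(cookie_auth_state /var/cpanel/cpanel.config)"
```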