cPanel 10.9.x - XSS in cPanel Pro



DESCRIPTION


A forgotten XSS issue was found in one of the scripts included with cPanel Pro:

https://example.com:2083/frontend/x3/cpanelpro/


The script was possibly one of the following:

bluelagoon.html
changestatus.html
convert.html
doconvert.html
doscale.html
dothumbdir.html
editlists.html
editmsgs.html
filelist-convert.html
filelist-scale.html
filelist-thumbs.html
forwardlist.html
ignorelist.html
images.html
manage.html
msgaction.html
saveconf.html
savefile.html
scale.html
submitsupport.html
support.html
thumbdir.html
whitelist.html



IMPACT


A local cPanel user with JavaScript enabled in their web browser could potentially be tricked into issuing a request to cPanel. Also, if cookie auth for cPanel/WHM is enabled (skiphttpauth=1 in /var/cpanel/cpanel.config), that user's cookie could potentially be stolen and used to log into that user's cPanel account. Cookie-based auth is not enabled by default.
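
To check whether a server is exposed to the cookie-theft impact described above, the following added example (not part of the original advisory and not cPanel code) reads the skiphttpauth setting from the config file. It assumes key=value lines with '#' comments; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example, not cPanel code. Assumed format: key=value lines, '#' comments.

# Print "enabled", "disabled" or "unset" for skiphttpauth in a config file.
# Conservative: any uncommented skiphttpauth=1 line counts as enabled, because
# how duplicate keys resolve is not stated in the advisory.
skiphttpauth_state() {
    conf=${1:-/var/cpanel/cpanel.config}
    [ -r "$conf" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = $0
            sub(/\r$/, "", line)                 # tolerate CRLF endings
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)     # trim surrounding whitespace
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "skiphttpauth") next
            seen = 1
            if (val == "1") on = 1
        }
        END { print (on ? "enabled" : (seen ? "disabled" : "unset")) }
    ' "$conf"
}

# Exit status 0 when cookie auth is on, i.e. the cookie-theft impact applies.
cookie_auth_enabled() {
    [ "$(skiphttpauth_state "$1")" = "enabled" ]
}

# Constructed sample config, for illustration only.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'skiphttpauth=0' '#skiphttpauth=1' > "$sample"
echo "sample: $(skiphttpauth_state "$sample")"
rm -f "$sample"
```

Called with no argument, both functions read /var/cpanel/cpanel.config; "unset" corresponds to the default, where cookie-based auth is not enabled.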