cPanel 11.23.1-EDGE_24773 - XSS in /download


XSS in cPanel:<XSS>


A local cPanel user with JavaScript enabled in their web browser could potentially be tricked into issuing a request to cPanel. Also, if cookie auth for cPanel/WHM is enabled (skiphttpauth=1 in /var/cpanel/cpanel.config), that user's cookie could potentially be stolen and used to log into that user's cPanel account. Cookie auth is not enabled by default.
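
To check whether a server is in the cookie-auth configuration described above, the following added example (not part of the original advisory and not cPanel's own tooling) reads the skiphttpauth setting from the config file. It assumes the file holds one key=value pair per line with '#' starting a comment, and it reports "enabled" if any entry sets the value to 1.

```shell
#!/bin/sh
# Added example: report whether cPanel/WHM cookie auth (skiphttpauth=1) is on.
# Assumption: cpanel.config is one key=value pair per line, '#' begins a comment.
# Duplicate entries are treated conservatively: any skiphttpauth=1 counts as enabled.

CPANEL_CONFIG="${CPANEL_CONFIG:-/var/cpanel/cpanel.config}"

# Prints exactly one of: enabled | disabled | unset | unreadable
cookie_auth_state() {
    cfg="${1:-$CPANEL_CONFIG}"
    [ -r "$cfg" ] || { echo unreadable; return 0; }
    awk -F= '
        /^[ \t]*#/ { next }                          # skip comment lines
        {
            key = $1
            gsub(/[ \t]/, "", key)                   # tolerate "key = value"
            if (key != "skiphttpauth") next
            val = substr($0, index($0, "=") + 1)     # everything after the first "="
            gsub(/[ \t\r]/, "", val)                 # drop padding and CR line endings
            if (val == "1") state = "enabled"
            else if (state == "") state = "disabled"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$cfg"
}

# Map the state to the exposure the advisory describes.
state=$(cookie_auth_state)
case "$state" in
    enabled)    echo "skiphttpauth=1: cookie auth is on; the cookie-theft scenario applies" ;;
    disabled)   echo "skiphttpauth is set but not 1: cookie auth is off" ;;
    unset)      echo "skiphttpauth not set: cookie auth is not enabled by default" ;;
    unreadable) echo "cannot read $CPANEL_CONFIG" ;;
esac
```

Set CPANEL_CONFIG or pass a path as the first argument to check a copy of the file taken from another host.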