cPanel 11.23.1-EDGE_24773 - XSS in /download
DESCRIPTION
XSS in cPanel:
https://example.com:2083/download<XSS>
IMPACT
A local cPanel user with JavaScript enabled in their web browser could potentially be tricked into issuing a request to cPanel. Also, if cookie auth for cPanel/WHM is enabled (skiphttpauth=1 in /var/cpanel/cpanel.config), that user's cookie could potentially be stolen and used to log into that user's cPanel account. Cookie auth is not enabled by default.
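A check for the cookie-auth precondition described above, as an added example that is not part of the original advisory or cPanel's own tooling: it reports whether skiphttpauth=1 is set in a cpanel.config-style file. The function name, the comment and whitespace handling, and the rule that the last occurrence of the key counts are assumptions.

```sh
#!/bin/sh
# Added example: report whether cookie auth (skiphttpauth=1) is switched on.

# cookie_auth_state [FILE]
# Prints "enabled", "disabled" or "unreadable" and always returns 0.
# Assumptions (not taken from the advisory): the file holds key=value lines,
# lines starting with '#' are comments, and if the key appears more than once
# the last occurrence is the one that counts.
cookie_auth_state() {
    conf=${1:-/var/cpanel/cpanel.config}   # default path is the one the advisory names
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 0
    fi
    value=$(awk -F= '
        /^[ \t]*#/ { next }                # skip comment lines
        {
            key = $1
            gsub(/[ \t\r]/, "", key)       # tolerate stray whitespace and CRs
            if (key == "skiphttpauth") {
                val = $2
                gsub(/[ \t\r]/, "", val)
                last = val                 # keep the most recent setting
            }
        }
        END { print last }
    ' "$conf")
    if [ "$value" = "1" ]; then
        echo "enabled"
    else
        # Key absent or any other value: reported as off, in line with the
        # advisory's statement that cookie auth is not enabled by default.
        echo "disabled"
    fi
    return 0
}

# Constructed sample file (not copied from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# skiphttpauth=1
skiphttpauth=0
skiphttpauth=1
EOF
echo "sample: $(cookie_auth_state "$sample")"
rm -f "$sample"
```

Run with no argument on a cPanel host to read /var/cpanel/cpanel.config; an "enabled" result means the cookie-theft scenario in the IMPACT section applies to that server.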