cve/2023/CVE-2023-29489.md

### [CVE-2023-29489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29489)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.

### POC

#### Reference
- https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/

#### Github
- https://github.com/0-d3y/XSS_1915
- https://github.com/1337r0j4n/CVE-2023-29489
- https://github.com/Abdullah7-ma/CVE-2023-29489
- https://github.com/Cappricio-Securities/CVE-2019-9670
- https://github.com/Cappricio-Securities/CVE-2023-29489
- https://github.com/Gerxnox/One-Liner-Collections
- https://github.com/M0hamedsh0aib/xss_scan
- https://github.com/MSA-13/Shodan-Bug-Bounty-Hunter
- https://github.com/Makurorororororororo/Validate-CVE-2023-29489-scanner-
- https://github.com/Mostafa-Elguerdawi/CVE-2023-29489
- https://github.com/Praveenms13/CVE-2023-29489
- https://github.com/Praveenms13/sqli_tool13
- https://github.com/Rnaveennithyakalyan/nnkrxx
- https://github.com/S4muraiMelayu1337/CVE-2023-29489
- https://github.com/SynixCyberCrimeMy/CVE-2023-29489
- https://github.com/ViperM4sk/cpanel-xss-177
- https://github.com/ctflearner/Learn365
- https://github.com/daffainfo/Oneliner-Bugbounty
- https://github.com/gnarkill78/CSA_S2_2024
- https://github.com/haxor1337x/Scanner-CVE-2023-29489
- https://github.com/htrgouvea/spellbook
- https://github.com/ipk1/CVE-2023-29489.py
- https://github.com/jaiguptanick/100daysofcyber
- https://github.com/kovatechy/Cappricio
- https://github.com/learnerboy88/CVE-2023-29489
- https://github.com/md-thalal/CVE-2023-29489
- https://github.com/mdaseem03/cpanel_xss_2023
- https://github.com/mr-sami-x/XSS_1915
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/prasad-1808/tool-29489
- https://github.com/prasad-1808/tool_29489
- https://github.com/some-man1/CVE-2023-29489
- https://github.com/thecybertix/One-Liner-Collections
- https://github.com/tucommenceapousser/CVE-2023-29489
- https://github.com/tucommenceapousser/CVE-2023-29489.py
- https://github.com/tucommenceapousser/Oneliner-Bugbounty2
- https://github.com/tucommenceapousser/XSS_1312
- https://github.com/tucommenceapousser/XSS_1915
- https://github.com/whalebone7/EagleEye
- https://github.com/xKore123/cPanel-CVE-2023-29489
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-29489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29489)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.`

			`### POC`

			`#### Reference`
			`- https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/`

			`#### Github`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://github.com/0-d3y/XSS_1915`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/1337r0j4n/CVE-2023-29489`
			`- https://github.com/Abdullah7-ma/CVE-2023-29489`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/Cappricio-Securities/CVE-2019-9670`
			`- https://github.com/Cappricio-Securities/CVE-2023-29489`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/Gerxnox/One-Liner-Collections`
			`- https://github.com/M0hamedsh0aib/xss_scan`
			`- https://github.com/MSA-13/Shodan-Bug-Bounty-Hunter`
			`- https://github.com/Makurorororororororo/Validate-CVE-2023-29489-scanner-`
			`- https://github.com/Mostafa-Elguerdawi/CVE-2023-29489`
			`- https://github.com/Praveenms13/CVE-2023-29489`
			`- https://github.com/Praveenms13/sqli_tool13`
			`- https://github.com/Rnaveennithyakalyan/nnkrxx`
			`- https://github.com/S4muraiMelayu1337/CVE-2023-29489`
			`- https://github.com/SynixCyberCrimeMy/CVE-2023-29489`
			`- https://github.com/ViperM4sk/cpanel-xss-177`
			`- https://github.com/ctflearner/Learn365`
			`- https://github.com/daffainfo/Oneliner-Bugbounty`
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`- https://github.com/gnarkill78/CSA_S2_2024`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/haxor1337x/Scanner-CVE-2023-29489`
			`- https://github.com/htrgouvea/spellbook`
			`- https://github.com/ipk1/CVE-2023-29489.py`
			`- https://github.com/jaiguptanick/100daysofcyber`
Update CVE sources 2024-06-10 07:22 2024-06-10 07:22:43 +00:00			`- https://github.com/kovatechy/Cappricio`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/learnerboy88/CVE-2023-29489`
Update CVE sources 2024-06-10 07:22 2024-06-10 07:22:43 +00:00			`- https://github.com/md-thalal/CVE-2023-29489`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/mdaseem03/cpanel_xss_2023`
			`- https://github.com/mr-sami-x/XSS_1915`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/prasad-1808/tool-29489`
			`- https://github.com/prasad-1808/tool_29489`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/some-man1/CVE-2023-29489`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/thecybertix/One-Liner-Collections`
			`- https://github.com/tucommenceapousser/CVE-2023-29489`
			`- https://github.com/tucommenceapousser/CVE-2023-29489.py`
			`- https://github.com/tucommenceapousser/Oneliner-Bugbounty2`
Update CVE sources 2024-06-10 07:22 2024-06-10 07:22:43 +00:00			`- https://github.com/tucommenceapousser/XSS_1312`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/tucommenceapousser/XSS_1915`
			`- https://github.com/whalebone7/EagleEye`
			`- https://github.com/xKore123/cPanel-CVE-2023-29489`