cve/2023/CVE-2023-29489.md

### [CVE-2023-29489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29489)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.

### POC

#### Reference
- https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/

#### Github
- https://github.com/1337r0j4n/CVE-2023-29489
- https://github.com/Abdullah7-ma/CVE-2023-29489
- https://github.com/Gerxnox/One-Liner-Collections
- https://github.com/M0hamedsh0aib/xss_scan
- https://github.com/MSA-13/Shodan-Bug-Bounty-Hunter
- https://github.com/Makurorororororororo/Validate-CVE-2023-29489-scanner-
- https://github.com/Mostafa-Elguerdawi/CVE-2023-29489
- https://github.com/Praveenms13/CVE-2023-29489
- https://github.com/Praveenms13/sqli_tool13
- https://github.com/Rnaveennithyakalyan/nnkrxx
- https://github.com/S4muraiMelayu1337/CVE-2023-29489
- https://github.com/SynixCyberCrimeMy/CVE-2023-29489
- https://github.com/ViperM4sk/cpanel-xss-177
- https://github.com/ctflearner/Learn365
- https://github.com/daffainfo/Oneliner-Bugbounty
- https://github.com/haxor1337x/Scanner-CVE-2023-29489
- https://github.com/htrgouvea/spellbook
- https://github.com/ipk1/CVE-2023-29489.py
- https://github.com/jaiguptanick/100daysofcyber
- https://github.com/learnerboy88/CVE-2023-29489
- https://github.com/mdaseem03/cpanel_xss_2023
- https://github.com/mr-sami-x/XSS_1915
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/prasad-1808/tool-29489
- https://github.com/prasad-1808/tool_29489
- https://github.com/thecybertix/One-Liner-Collections
- https://github.com/tucommenceapousser/CVE-2023-29489
- https://github.com/tucommenceapousser/CVE-2023-29489.py
- https://github.com/tucommenceapousser/Oneliner-Bugbounty2
- https://github.com/tucommenceapousser/XSS_1915
- https://github.com/whalebone7/EagleEye
- https://github.com/xKore123/cPanel-CVE-2023-29489
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-29489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29489)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.`

			`### POC`

			`#### Reference`
			`- https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/`

			`#### Github`
			`- https://github.com/1337r0j4n/CVE-2023-29489`
			`- https://github.com/Abdullah7-ma/CVE-2023-29489`
			`- https://github.com/Gerxnox/One-Liner-Collections`
			`- https://github.com/M0hamedsh0aib/xss_scan`
			`- https://github.com/MSA-13/Shodan-Bug-Bounty-Hunter`
			`- https://github.com/Makurorororororororo/Validate-CVE-2023-29489-scanner-`
			`- https://github.com/Mostafa-Elguerdawi/CVE-2023-29489`
			`- https://github.com/Praveenms13/CVE-2023-29489`
			`- https://github.com/Praveenms13/sqli_tool13`
			`- https://github.com/Rnaveennithyakalyan/nnkrxx`
			`- https://github.com/S4muraiMelayu1337/CVE-2023-29489`
			`- https://github.com/SynixCyberCrimeMy/CVE-2023-29489`
			`- https://github.com/ViperM4sk/cpanel-xss-177`
			`- https://github.com/ctflearner/Learn365`
			`- https://github.com/daffainfo/Oneliner-Bugbounty`
			`- https://github.com/haxor1337x/Scanner-CVE-2023-29489`
			`- https://github.com/htrgouvea/spellbook`
			`- https://github.com/ipk1/CVE-2023-29489.py`
			`- https://github.com/jaiguptanick/100daysofcyber`
			`- https://github.com/learnerboy88/CVE-2023-29489`
			`- https://github.com/mdaseem03/cpanel_xss_2023`
			`- https://github.com/mr-sami-x/XSS_1915`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/prasad-1808/tool-29489`
			`- https://github.com/prasad-1808/tool_29489`
			`- https://github.com/thecybertix/One-Liner-Collections`
			`- https://github.com/tucommenceapousser/CVE-2023-29489`
			`- https://github.com/tucommenceapousser/CVE-2023-29489.py`
			`- https://github.com/tucommenceapousser/Oneliner-Bugbounty2`
			`- https://github.com/tucommenceapousser/XSS_1915`
			`- https://github.com/whalebone7/EagleEye`
			`- https://github.com/xKore123/cPanel-CVE-2023-29489`