WHM/cPanel Cross-Site Scripting Vulnerability

WHM/cPanel is prone to cross-site scripting vulnerabilities because it fails to properly sanitize user input and datastore files.

Due to the nature of this security flaw, I will not be posting a Proof of Concept until much later.


Type: XSS
Product: cPanel
Website: http://www.cpanel.net
Vulnerable Version: WHM 11.40 and prior.
Date: 11/11/2013
By: Prajith P <http://prajith.in>

Vendor Contact Timeline:

2013-11-11: 3:37 AM IST – Vendor contacted via email.

2013-11-11: 7:44 AM IST – Vendor confirmed the vulnerability and filed a security report (case number 82701).

2 thoughts on “WHM/cPanel Cross-Site Scripting Vulnerability”

  • July 30, 2015 at 2:12 pm

    Did you report it within their Bug Bounty program? If yes, then did they reward you? And can you tell me the amount?

    • August 1, 2015 at 6:53 am

      Yes, I did, but the severity of the bug was very low, so I didn’t get any reward.

