WHM/cPanel is prone to cross-site scripting vulnerabilities because it fails to properly sanitize user input and datastore files.
Due to the nature of this security flaw, I will not be posting a Proof of Concept until much later.
Vulnerable Version: WHM 11.40 and prior.
By: Prajith P <http://prajith.in>
Vendor Contact Timeline:
2013-111-11: 3:37 AM IST – Vendor contacted via email.
2013-111-11: 7:44 AM IST – Vendor confirmed the vulnerability and filed a security report (case number 82701).