What is CVE-2023-29489?

CVE-2023-29489 is a medium-severity vulnerability in N/a. CVSS score: 5.3/10. Published 2023-04-27.

How severe is CVE-2023-29489?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2023-29489 known to be exploited?

54 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-29489

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.

EPSS: 0.929 (99.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AC:L/AV:L/A:L/C:L/I:L/PR:L/S:U/UI:N.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0-d3y/CVE-2023-29489
whalebone7/EagleEye
mdaseem03/cpanel_xss_2023
xKore123/cPanel-CVE-2023-29489
Makurorororororororo/Validate-CVE-2023-29489-scanner-
ipk1/CVE-2023-29489.py
Thuankobtcode/CVE-2023-29489
Abdullah7-ma/CVE-2023-29489
Cappricio-Securities/CVE-2023-29489
md-thalal/CVE-2023-29489

References

forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/
blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/

Frequently asked questions

What is CVE-2023-29489?: CVE-2023-29489 is a medium-severity vulnerability in N/a. CVSS score: 5.3/10. Published 2023-04-27.
How severe is CVE-2023-29489?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2023-29489 known to be exploited?: 54 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.