XSS Vulnerability in CyberPanel: Affected Version Details

CVE-2024-56112

Summary

A high-severity Cross-Site Scripting (XSS) vulnerability has been identified in CyberPanel versions prior to commit f0cf648. This flaw allows attackers to inject malicious scripts via the token or username when logging into the phpMyAdmin interface at plogical/phpmyadminsignin.php. Exploitation of this vulnerability could lead to unauthorized access and manipulation of user sessions, posing significant risks to data integrity and security for affected users. Users are advised to update to the latest version to mitigate these risks.

References