cPanel XSS (CVE-2023-29489) - Vulnerability Database

Description

cPanel versions prior to the patched release contain a cross-site scripting (XSS) vulnerability in the 'cpanelwebcall' endpoint. This vulnerability exists because the endpoint fails to properly validate and sanitize user-supplied input before rendering it in the browser, allowing attackers to inject malicious scripts into web pages viewed by other users.

Remediation

Apply security updates immediately by upgrading to the latest patched version of cPanel. cPanel has addressed this vulnerability in their security release as documented in TSR-2023-0001. To remediate:

1. Review the cPanel TSR-2023-0001 advisory to identify the specific patched version for your installation
2. Schedule a maintenance window and create a backup of your current cPanel installation
3. Update cPanel using the built-in update system or by running the appropriate update command for your version
4. Verify the update was successful and test critical functionality
5. Review access logs for any suspicious activity that may indicate prior exploitation
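
For step 5, one way to triage access logs is to flag requests to the 'cpanelwebcall' endpoint whose decoded path carries markup characters. This is an added example, not code from cPanel or from this advisory; it assumes a combined-format access log, and the sample log lines, addresses and status codes are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: combined-format access log; adapt the pattern to your server's format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "cpanelwebcall"            # endpoint named in the advisory
MARKUP = re.compile(r'[<>"\'`]')      # characters that indicate injected markup

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (timestamp, ip, status, decoded_target) for flagged requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                  # skip lines that do not parse
        target = decode_fully(m.group("target"))
        lowered = target.lower()
        if ENDPOINT not in lowered:
            continue
        # Only inspect what follows the endpoint name (path tail and query).
        tail = lowered.split(ENDPOINT, 1)[1]
        if MARKUP.search(tail):
            hits.append((m.group("ts"), m.group("ip"), m.group("status"), target))
    return hits

# Constructed sample lines (documentation IP ranges, harmless markup).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/May/2023:10:00:01 +0000] "GET /cpanelwebcall/%3Cb%3Eprobe%3C/b%3E HTTP/1.1" 400 512',
    '198.51.100.9 - - [01/May/2023:10:02:14 +0000] "GET /cpanelwebcall/%253Ci%253Eprobe HTTP/1.1" 400 498',
    '192.0.2.15 - - [01/May/2023:10:03:40 +0000] "GET /cpanelwebcall/abc123 HTTP/1.1" 200 230',
    '192.0.2.15 - - [01/May/2023:10:04:02 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 1044',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ts, ip, status, target in suspicious_requests(SAMPLE_LOG):
        print(f"{ts}  {ip}  {status}  {target}")
```

Hits dated before the patch was applied are the ones to follow up on; the same character check can serve as the basis for the interim WAF rule on this endpoint.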

As an interim mitigation if immediate patching is not possible, consider implementing Web Application Firewall (WAF) rules to filter malicious input to the 'cpanelwebcall' endpoint, though this should not replace applying the official patch.