ZPanel is a web hosting control panel written in PHP for Windows and *NIX host OS's.
414
stars
296
forks
source link
ZPanel 10.1.1 allows XSS via the HTTP Host header to the etc/static/diskexceeded/index.php URI. #278
Open
nullr00tbyte opened 4 years ago
I Found a XSS Vulnerability that allow execute HTML, JS code via the HTTP Host header
echo $_SERVER['HTTP_HOST'] whitout sanitize in /etc/static/diskexceeded/index.php and other files