cPanel Self-XSS vulnerability – How do we tackle this?
cPanel Self-XSS vulnerability affected your servers too? We can help you tackle it.
Upgrading cPanel and WHM is the best way to fight against this vulnerability.
At Bobcares, we often get requests regarding the vulnerability, as a part of our Server Management Services.
Today, let’s see how our Support Engineers deal with this.
What is Self-XSS?
It is an attack used to gain control of users’ web accounts. In this attack, the attacker tricks the victim to run malicious code in his web browser.
This way, the victim unknowingly exposes his web to the attacker.
What is the new Self-XSS vulnerability in WHM and cPanel?
Vulnerabilities are critical. Here is a new vulnerability in WHM and cPanel.
WHM/cPanel and its APIs allow specifying a temporary character set. And, this is for the HTTP responses.
But, most of these APIs and interfaces do not expect to have a changed character set for their responses. This non-clarity can allow an attacker to make use of victims’ browsers to parse and execute the vulnerable code.
The attacker utilizes the feature of WHM/cPanel allowing temporary character set for this.
Today, let’s discuss how our Dedicated Engineers mitigate the cPanel Self-XSS vulnerability and check whether they are safe.
Is my server under risk?
Yes, maybe. But, please don’t wait too long for confirming. Here is the way for checking whether your WHM and cPanel are vulnerable or not.
If the cPanel version is not the latest, then yes, your servers are at risk. Upgrading WHM/cPanel from an older version to 184.108.40.206, 220.127.116.11 or the latest closes the loop-hole for the Self-XSS vulnerability.
So, our Engineers always suggest making sure that the cPanel and WHM are upgraded for protecting your accounts from this.
We check the cPanel/WHM version in many ways.
1. By using the ‘cPanel’ command
2. By looking at Version file
3 And from the rightmost corner of your WHM panel as shown in the below figure.
If the version is not 18.104.22.168,22.214.171.124 or the latest, we suggest upgrading it immediately as these vulnerabilities are really critical.
At Bobcares, we are getting many requests for updating the versions of WHM and cPanel these days. Upgrades naturally affect the working of the websites. Therefore, the real merit lies in upgrading the server without causing downtime.
Thus, before doing those upgrades, our Support Engineers always assess the server configuration first. It involves checking the effect of upgrades on related packages. Furthermore, we take enough backups of the server configurations. This helps in quick recovery in case of any failures.
[Do you need help to upgrade WHM and cPanel versions? Our experts can help you.]
In short, we can resolve this vulnerability in WHM and cPanel by upgrading their version to 126.96.36.199,188.8.131.52 or the latest. And our Support Engineers are here for any kind of support.