XSS in WHMCS casuing potential DOS in virtualmin [#41028]

Submitted by hescominsoon on Fri, 06/10/2016 - 07:12 Pro Licensee

http://www.etc-md.com/archives/4440 http://www.etc-md.com/archives/4444

right now WHMCS is stomping in areas it shouldn't be. I never would have known if not for my wordfence WAF killing WHMCS when it tried to intrude on wordpress. When the WAF killed WHMCSs intrusion I noticed my virtualmin also died and i had to relog to get virtualmin functionality back. I am not disclosing the code that is getting captured by my WAF as I have disclosed that to support..who as per the linked pages is not being very helpful. For now it is my advice to watch your WHMCS closely and do some serious hardening to keep the WHMCS software out of the rest of your website where it does not belong. This is NOT a virtualmin problem...this is posted simply to advise users of virtualmin they may have an issue that is caused by WHMCS.

Status:

Closed (fixed)

Comments

Submitted by andreychek on Fri, 06/10/2016 - 08:27 Comment #1

Thanks for the heads up, we'll keep an eye out for any issues relating to that.

Submitted by hescominsoon on Fri, 06/10/2016 - 18:49 Pro Licensee Comment #2

Title:	XSS in WHCMS casuing potential DOS in virtualmin	» XSS in WHMCS casuing potential DOS in virtualmin
Body:	View changes

Submitted by hescominsoon on Sat, 04/15/2017 - 18:05 Pro Licensee Comment #3

Status:

Active

» Fixed (pending)

Submitted by IssueBot on Thu, 10/11/2018 - 20:07 Comment #4

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.