CVE-2025-50859
📋 TL;DR
This reflected cross-site scripting vulnerability in Easy Hosting Control Panel allows authenticated attackers to inject malicious JavaScript via the template parameter in the Change Template function. Attackers can steal session cookies, redirect users, or perform actions on behalf of authenticated users. Only EHCP installations running version 20.04.1.b with authenticated user access are affected.
💻 Affected Systems
- Easy Hosting Control Panel (EHCP)
⚠️ Risk & Real-World Impact
Worst Case
Authenticated attacker steals administrator session cookies, gains full control of the hosting panel, compromises hosted websites, and potentially accesses underlying server infrastructure.
Likely Case
Authenticated attacker steals session cookies of other users, performs unauthorized actions within the control panel, or redirects users to phishing sites.
If Mitigated
Attack limited to stealing session cookies of users who click malicious links, with proper session management limiting damage.
🎯 Exploit Status
Exploitation requires authenticated access and social engineering to trick users into clicking malicious links.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for patched version
Vendor Advisory: https://www.ehcp.net/?p=402
Restart Required: No
Instructions:
1. Check the vendor advisory at https://www.ehcp.net/?p=402 for the patched version.
2. Update EHCP to the latest patched version.
3. Verify the fix by testing the template parameter for XSS.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize the template parameter
Content Security Policy
Implement strict Content Security Policy headers to mitigate XSS impact
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) rules to block XSS payloads in the template parameter
- Restrict access to EHCP panel to trusted IP addresses only
🔍 How to Verify
Check if Vulnerable:
Test the Change Template function by injecting basic XSS payloads like <script>alert('test')</script> in the template parameter
Check Version:
Check EHCP version in admin panel or run: grep 'version' /var/www/ehcp/version.txt
Verify Fix Applied:
After patching, test the same XSS payloads to ensure they are properly sanitized or blocked
📡 Detection & Monitoring
Log Indicators:
- Unusual template parameter values containing script tags or JavaScript code in web server logs
- Multiple failed authentication attempts followed by template parameter manipulation
Network Indicators:
- HTTP requests with suspicious template parameter values containing JavaScript payloads
SIEM Query:
source="web_server_logs" AND (template="*<script>*" OR template="*javascript:*" OR template="*onload=*" OR template="*onerror=*")
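As an added illustration (not part of the advisory or of EHCP itself), the following Python script applies the log indicators above to constructed Apache-style access-log lines, percent-decoding the template parameter first so encoded or double-encoded payloads are not missed; the `/ehcp/` path and `op=changetemplate` query layout are assumed, not taken from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache combined log format (not real EHCP logs).
# The request path and query layout are assumed for illustration only.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /ehcp/?op=changetemplate&template=<script>alert(1)</script> HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.6 - - [01/Jan/2025:10:00:01 +0000] "GET /ehcp/?op=changetemplate&template=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2025:10:00:02 +0000] "GET /ehcp/?op=changetemplate&template=default HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.8 - - [01/Jan/2025:10:00:03 +0000] "POST /ehcp/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Same indicators as the SIEM query above, matched case-insensitively.
INDICATORS = ("<script", "javascript:", "onload=", "onerror=")
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def template_values(target):
    """Return every decoded `template` query parameter in a request target."""
    query = urlsplit(target).query
    return [fully_decode(v) for v in parse_qs(query, keep_blank_values=True).get("template", [])]

def matched_indicators(value):
    """List the indicators present in one decoded parameter value."""
    low = value.lower()
    return [ind for ind in INDICATORS if ind in low]

def scan_log(text):
    """Return (ip, timestamp, decoded template value, indicators) per suspicious request.
    Only query strings are visible here: a template value sent in a POST body never
    reaches the access log and needs application-level logging to be detected."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        for value in template_values(m["target"]):
            inds = matched_indicators(value)
            if inds:
                hits.append((m["ip"], m["ts"], value, inds))
    return hits

if __name__ == "__main__":
    for ip, ts, value, inds in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} template={value!r} indicators={inds}")
```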