CentOS Web Panel is a Linux based web panel like Cpanel or Plesk and it has a couple of features for server management. The vulnerability is located in the `id` and `email_address` parameters of the `index.php` file POST method request. The request method to inject is POST and the attack vector is persistent on the application-side. The injection points are the both add POST method requests and the execution point occurs in the output location of both modules. The exploitation requires no privileged web-application user account and low user interaction.”]
Source: https://gbhackers.com/xss-vulnerabilities-centos-web-panel/