Vulnerabilities > Control Webpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2019-7646 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | 4.8 |
| 2018-11-20 | CVE-2018-18774 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. | 6.1 |
| 2018-10-15 | CVE-2018-18324 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.480 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter. | 6.1 |
| 2018-01-22 | CVE-2018-5962 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | 6.1 |
| 2018-01-22 | CVE-2018-5961 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | 6.1 |