Vulnerabilities > Cpanel > Cpanel > 11.54.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2018-20901 | Cross-site Scripting vulnerability in Cpanel cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | 4.3 |
| 2019-08-01 | CVE-2016-10855 | Improper Input Validation vulnerability in Cpanel cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). | 10.0 |
| 2019-08-01 | CVE-2016-10854 | Cross-site Scripting vulnerability in Cpanel cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). | 3.5 |
| 2019-08-01 | CVE-2016-10853 | Cross-site Scripting vulnerability in Cpanel cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | 3.5 |
| 2019-08-01 | CVE-2016-10852 | Improper Access Control vulnerability in Cpanel cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | 4.0 |
| 2019-08-01 | CVE-2016-10851 | Cross-site Scripting vulnerability in Cpanel cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | 3.5 |
| 2019-08-01 | CVE-2016-10850 | Improper Input Validation vulnerability in Cpanel cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). | 9.0 |
| 2019-08-01 | CVE-2018-20887 | SQL Injection vulnerability in Cpanel cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | 7.5 |
| 2019-08-01 | CVE-2018-20885 | Injection vulnerability in Cpanel cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | 5.0 |
| 2019-08-01 | CVE-2018-20884 | Cross-site Scripting vulnerability in Cpanel cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). | 3.5 |