Vulnerabilities > Cpanel > Cpanel > 55.9999.124
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-30 | CVE-2019-14392 | Unspecified vulnerability in Cpanel cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). | 6.5 |
| 2019-07-30 | CVE-2018-20867 | Open Redirect vulnerability in Cpanel cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | 5.8 |
| 2019-07-30 | CVE-2019-14391 | Unspecified vulnerability in Cpanel cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | 2.1 |
| 2019-07-30 | CVE-2019-14390 | Cross-site Scripting vulnerability in Cpanel cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | 3.5 |
| 2019-07-30 | CVE-2019-14389 | Unspecified vulnerability in Cpanel cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). | 2.1 |
| 2019-07-30 | CVE-2019-14388 | Unspecified vulnerability in Cpanel cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). | 5.0 |
| 2019-07-30 | CVE-2019-14387 | Cross-site Scripting vulnerability in Cpanel cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | 4.3 |
| 2019-07-30 | CVE-2019-14386 | Cross-site Scripting vulnerability in Cpanel cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | 3.5 |
| 2018-08-30 | CVE-2018-16236 | Cross-site Scripting vulnerability in Cpanel cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. | 4.3 |
| 2017-03-03 | CVE-2017-5614 | Open Redirect vulnerability in Cpanel Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | 5.8 |