Vulnerabilities > Cpanel > Cpanel > 66.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2017-18383 | Permissions, Privileges, and Access Controls vulnerability in Cpanel cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | 4.6 |
| 2019-08-02 | CVE-2017-18382 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | 4.0 |
| 2019-08-01 | CVE-2018-20953 | Cross-site Scripting vulnerability in Cpanel cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | 4.3 |
| 2019-08-01 | CVE-2018-20952 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). | 4.0 |
| 2019-08-01 | CVE-2018-20951 | Cross-site Scripting vulnerability in Cpanel cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | 4.3 |
| 2019-08-01 | CVE-2018-20950 | Cross-site Scripting vulnerability in Cpanel cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | 4.3 |
| 2019-08-01 | CVE-2018-20949 | Cross-site Scripting vulnerability in Cpanel cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | 4.3 |
| 2019-08-01 | CVE-2018-20948 | Cross-site Scripting vulnerability in Cpanel cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | 4.3 |
| 2019-08-01 | CVE-2018-20947 | Exposure of Resource to Wrong Sphere vulnerability in Cpanel cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | 2.1 |
| 2019-08-01 | CVE-2018-20946 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | 2.1 |