Vulnerabilities > Cpanel > Cpanel > 68.0.37
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2018-20899 | Cross-site Scripting vulnerability in Cpanel cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | 4.3 |
| 2019-08-01 | CVE-2018-20898 | Injection vulnerability in Cpanel cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | 4.0 |
| 2019-08-01 | CVE-2018-20897 | Improper Input Validation vulnerability in Cpanel cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | 3.3 |
| 2019-08-01 | CVE-2018-20896 | Code Injection vulnerability in Cpanel cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | 3.3 |
| 2019-08-01 | CVE-2018-20895 | Improper Input Validation vulnerability in Cpanel In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | 6.5 |
| 2019-08-01 | CVE-2018-20887 | SQL Injection vulnerability in Cpanel cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | 7.5 |
| 2019-08-01 | CVE-2018-20885 | Injection vulnerability in Cpanel cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | 5.0 |
| 2019-08-01 | CVE-2018-20884 | Cross-site Scripting vulnerability in Cpanel cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). | 3.5 |
| 2019-08-01 | CVE-2018-20883 | Improper Input Validation vulnerability in Cpanel cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | 4.0 |
| 2019-08-01 | CVE-2018-20881 | Cross-site Scripting vulnerability in Cpanel cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). | 3.5 |