Vulnerabilities > Cpanel > Cpanel > 70.0.47

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2018-20903 Cross-site Scripting vulnerability in Cpanel
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2018-20902 Information Exposure vulnerability in Cpanel
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
local
low complexity
cpanel CWE-200
5.5
2019-08-01 CVE-2018-20901 Cross-site Scripting vulnerability in Cpanel
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2018-20893 Improper Input Validation vulnerability in Cpanel
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
local
low complexity
cpanel CWE-20
2.3
2019-08-01 CVE-2018-20892 Unspecified vulnerability in Cpanel
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
network
low complexity
cpanel
4.3
2019-08-01 CVE-2018-20891 Improper Input Validation vulnerability in Cpanel
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
local
low complexity
cpanel CWE-20
5.5
2019-08-01 CVE-2018-20890 Improper Access Control vulnerability in Cpanel
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
network
low complexity
cpanel CWE-284
4.3
2019-08-01 CVE-2018-20889 Information Exposure vulnerability in Cpanel
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
local
low complexity
cpanel CWE-200
4.4
2019-08-01 CVE-2018-20888 Improper Authentication vulnerability in Cpanel
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).
local
low complexity
cpanel CWE-287
5.5
2019-08-01 CVE-2018-20887 SQL Injection vulnerability in Cpanel
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).
network
low complexity
cpanel CWE-89
critical
9.8