Vulnerabilities > Cpanel > Cpanel > 78.0.43
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-17 | CVE-2020-10116 | Incorrect Authorization vulnerability in Cpanel cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). | 5.0 |
| 2020-03-17 | CVE-2020-10115 | Improper Input Validation vulnerability in Cpanel cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. | 9.0 |
| 2020-03-17 | CVE-2020-10114 | Cross-site Scripting vulnerability in Cpanel cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). | 4.3 |
| 2020-03-17 | CVE-2020-10113 | Cross-site Scripting vulnerability in Cpanel cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515). | 4.3 |
| 2019-10-09 | CVE-2019-17380 | Cross-site Scripting vulnerability in Cpanel cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). | 4.3 |
| 2019-07-30 | CVE-2019-14398 | Unspecified vulnerability in Cpanel cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). | 6.5 |
| 2019-07-30 | CVE-2019-14397 | Unspecified vulnerability in Cpanel cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). | 5.0 |
| 2019-07-30 | CVE-2019-14396 | Unspecified vulnerability in Cpanel API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). | 2.1 |
| 2019-07-30 | CVE-2019-14395 | Information Exposure vulnerability in Cpanel cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | 2.1 |
| 2019-07-30 | CVE-2019-14394 | Information Exposure vulnerability in Cpanel cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | 2.1 |