Vulnerabilities > Cpanel > Cpanel > 84.0.19

DATE CVE VULNERABILITY TITLE RISK
2020-03-17 CVE-2020-10116 Incorrect Authorization vulnerability in Cpanel
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
network
low complexity
cpanel CWE-863
5.0
5.0
2020-03-17 CVE-2020-10115 Improper Input Validation vulnerability in Cpanel
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin.
network
low complexity
cpanel CWE-20
critical
 9.0
9.0
2020-03-17 CVE-2020-10114 Cross-site Scripting vulnerability in Cpanel
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
network
cpanel CWE-79
4.3
4.3
2020-03-17 CVE-2020-10113 Cross-site Scripting vulnerability in Cpanel
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
network
cpanel CWE-79
4.3
4.3