Vulnerabilities > Cpanel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2016-10853 | Cross-site Scripting vulnerability in Cpanel cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | 3.5 |
| 2019-08-01 | CVE-2016-10852 | Improper Access Control vulnerability in Cpanel cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | 4.0 |
| 2019-08-01 | CVE-2016-10851 | Cross-site Scripting vulnerability in Cpanel cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | 3.5 |
| 2019-08-01 | CVE-2016-10850 | Improper Input Validation vulnerability in Cpanel cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). | 9.0 |
| 2019-08-01 | CVE-2015-9291 | Improper Access Control vulnerability in Cpanel cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | 5.0 |
| 2019-08-01 | CVE-2018-20900 | Cross-site Scripting vulnerability in Cpanel cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). | 4.3 |
| 2019-08-01 | CVE-2018-20899 | Cross-site Scripting vulnerability in Cpanel cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | 4.3 |
| 2019-08-01 | CVE-2018-20898 | Injection vulnerability in Cpanel cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | 4.0 |
| 2019-08-01 | CVE-2018-20897 | Improper Input Validation vulnerability in Cpanel cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | 3.3 |
| 2019-08-01 | CVE-2018-20896 | Code Injection vulnerability in Cpanel cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | 3.3 |