Vulnerabilities > Cpanel > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-11 | CVE-2021-38590 | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). | 2.1 |
| 2020-11-27 | CVE-2020-29135 | Injection vulnerability in Cpanel cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). | 3.5 |
| 2020-03-17 | CVE-2019-20494 | Improper Input Validation vulnerability in Cpanel In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). | 2.1 |
| 2020-03-17 | CVE-2019-20497 | Cross-site Scripting vulnerability in Cpanel cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). | 3.5 |
| 2020-02-10 | CVE-2012-6449 | Cross-site Scripting vulnerability in Cpanel and WHM The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability. | 3.5 |
| 2019-08-07 | CVE-2016-10799 | Improper Access Control vulnerability in Cpanel cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | 2.1 |
| 2019-08-07 | CVE-2016-10806 | Cross-site Scripting vulnerability in Cpanel cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110). | 3.5 |
| 2019-08-06 | CVE-2016-10796 | Permission Issues vulnerability in Cpanel cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | 2.1 |
| 2019-08-06 | CVE-2016-10776 | Cross-site Scripting vulnerability in Cpanel cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174). | 3.5 |
| 2019-08-06 | CVE-2016-10777 | Cross-site Scripting vulnerability in Cpanel cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177). | 3.5 |