Vulnerabilities > Cpanel > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-05 | CVE-2017-18471 | Cross-site Scripting vulnerability in Cpanel cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | 3.5 |
| 2019-08-05 | CVE-2017-18473 | Cross-site Scripting vulnerability in Cpanel cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | 3.5 |
| 2019-08-05 | CVE-2017-18481 | Cross-site Scripting vulnerability in Cpanel cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | 3.5 |
| 2019-08-05 | CVE-2017-18465 | Improper Input Validation vulnerability in Cpanel cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). | 2.1 |
| 2019-08-02 | CVE-2017-18436 | Information Exposure vulnerability in Cpanel cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | 2.7 |
| 2019-08-02 | CVE-2017-18437 | Injection vulnerability in Cpanel cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | 3.6 |
| 2019-08-02 | CVE-2017-18449 | Improper Input Validation vulnerability in Cpanel cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | 2.1 |
| 2019-08-02 | CVE-2017-18454 | Cross-site Scripting vulnerability in Cpanel cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | 3.5 |
| 2019-08-02 | CVE-2017-18458 | Improper Input Validation vulnerability in Cpanel cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). | 3.6 |
| 2019-08-02 | CVE-2017-18417 | Cross-site Scripting vulnerability in Cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | 3.5 |