Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2017-18430 Improper Input Validation vulnerability in Cpanel
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).
network
low complexity
cpanel CWE-20
4.7
2019-08-02 CVE-2017-18420 Cross-site Scripting vulnerability in Cpanel
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
network
low complexity
cpanel CWE-79
5.4
2019-08-02 CVE-2017-18419 Cross-site Scripting vulnerability in Cpanel
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
network
low complexity
cpanel CWE-79
5.4
2019-08-02 CVE-2017-18418 Cross-site Scripting vulnerability in Cpanel
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
network
low complexity
cpanel CWE-79
5.4
2019-08-02 CVE-2017-18417 Cross-site Scripting vulnerability in Cpanel
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
network
low complexity
cpanel CWE-79
5.4
2019-08-02 CVE-2017-18416 Improper Access Control vulnerability in Cpanel
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
local
low complexity
cpanel CWE-284
5.5
2019-08-02 CVE-2017-18411 Improper Input Validation vulnerability in Cpanel
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).
network
low complexity
cpanel CWE-20
6.8
2019-08-02 CVE-2017-18410 Improper Input Validation vulnerability in Cpanel
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).
network
low complexity
cpanel CWE-20
6.5
2019-08-02 CVE-2017-18409 Improper Input Validation vulnerability in Cpanel
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).
network
low complexity
cpanel CWE-20
6.5
2019-08-02 CVE-2017-18408 Cross-site Scripting vulnerability in Cpanel
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
network
low complexity
cpanel CWE-79
5.4