Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2016-10815 Information Exposure vulnerability in Cpanel
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
network
low complexity
cpanel CWE-200
6.5
2019-08-01 CVE-2016-10813 Cross-site Scripting vulnerability in Cpanel
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
network
low complexity
cpanel CWE-79
5.4
2019-08-01 CVE-2018-20953 Cross-site Scripting vulnerability in Cpanel
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2018-20952 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
network
low complexity
cpanel CWE-200
6.5
2019-08-01 CVE-2018-20951 Cross-site Scripting vulnerability in Cpanel
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2018-20950 Cross-site Scripting vulnerability in Cpanel
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2018-20949 Cross-site Scripting vulnerability in Cpanel
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2018-20948 Cross-site Scripting vulnerability in Cpanel
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2018-20947 Exposure of Resource to Wrong Sphere vulnerability in Cpanel
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
local
low complexity
cpanel CWE-668
5.5
2019-08-01 CVE-2018-20945 Improper Authorization vulnerability in Cpanel
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).
network
low complexity
cpanel CWE-285
5.7