Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2018-20903 Cross-site Scripting vulnerability in Cpanel
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2018-20902 Information Exposure vulnerability in Cpanel
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
local
low complexity
cpanel CWE-200
5.5
2019-08-01 CVE-2018-20901 Cross-site Scripting vulnerability in Cpanel
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2016-10857 Improper Access Control vulnerability in Cpanel
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
network
low complexity
cpanel CWE-284
6.5
2019-08-01 CVE-2016-10856 Improper Access Control vulnerability in Cpanel
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
network
low complexity
cpanel CWE-284
6.5
2019-08-01 CVE-2016-10854 Cross-site Scripting vulnerability in Cpanel
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
network
low complexity
cpanel CWE-79
5.4
2019-08-01 CVE-2016-10853 Cross-site Scripting vulnerability in Cpanel
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
network
low complexity
cpanel CWE-79
5.4
2019-08-01 CVE-2016-10852 Improper Access Control vulnerability in Cpanel
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
network
low complexity
cpanel CWE-284
6.5
2019-08-01 CVE-2016-10851 Cross-site Scripting vulnerability in Cpanel
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
network
low complexity
cpanel CWE-79
5.4
2019-08-01 CVE-2018-20900 Cross-site Scripting vulnerability in Cpanel
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
network
low complexity
cpanel CWE-79
6.1