Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2016-10842 Improper Input Validation vulnerability in Cpanel
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
network
low complexity
cpanel CWE-20
4.0
2019-08-01 CVE-2016-10839 SQL Injection vulnerability in Cpanel
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
network
low complexity
cpanel CWE-89
5.5
2019-08-01 CVE-2016-10838 Improper Access Control vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
network
low complexity
cpanel CWE-284
6.8
2019-08-01 CVE-2016-10836 Improper Authentication vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).
network
low complexity
cpanel CWE-287
4.0
2019-08-01 CVE-2018-20923 Cross-site Scripting vulnerability in Cpanel
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
network
cpanel CWE-79
4.3
2019-08-01 CVE-2018-20922 Cross-site Scripting vulnerability in Cpanel
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
network
cpanel CWE-79
4.3
2019-08-01 CVE-2018-20921 Cross-site Scripting vulnerability in Cpanel
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
network
cpanel CWE-79
4.3
2019-08-01 CVE-2018-20920 Cross-site Scripting vulnerability in Cpanel
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
network
cpanel CWE-79
4.3
2019-08-01 CVE-2018-20919 Cross-site Scripting vulnerability in Cpanel
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
network
cpanel CWE-79
4.3
2019-08-01 CVE-2018-20918 Cross-site Scripting vulnerability in Cpanel
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
network
cpanel CWE-79
4.3