Vulnerabilities > Cpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2018-20903 | Cross-site Scripting vulnerability in Cpanel cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | 6.1 |
| 2019-08-01 | CVE-2018-20902 | Information Exposure vulnerability in Cpanel cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | 5.5 |
| 2019-08-01 | CVE-2018-20901 | Cross-site Scripting vulnerability in Cpanel cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | 6.1 |
| 2019-08-01 | CVE-2016-10857 | Improper Access Control vulnerability in Cpanel cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | 6.5 |
| 2019-08-01 | CVE-2016-10856 | Improper Access Control vulnerability in Cpanel cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | 6.5 |
| 2019-08-01 | CVE-2016-10854 | Cross-site Scripting vulnerability in Cpanel cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). | 5.4 |
| 2019-08-01 | CVE-2016-10853 | Cross-site Scripting vulnerability in Cpanel cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | 5.4 |
| 2019-08-01 | CVE-2016-10852 | Improper Access Control vulnerability in Cpanel cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | 6.5 |
| 2019-08-01 | CVE-2016-10851 | Cross-site Scripting vulnerability in Cpanel cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | 5.4 |
| 2019-08-01 | CVE-2018-20900 | Cross-site Scripting vulnerability in Cpanel cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). | 6.1 |