Vulnerabilities > Cpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2018-20899 | Cross-site Scripting vulnerability in Cpanel cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | 6.1 |
| 2019-08-01 | CVE-2018-20898 | Injection vulnerability in Cpanel cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | 4.3 |
| 2019-08-01 | CVE-2018-20892 | Unspecified vulnerability in Cpanel cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). | 4.3 |
| 2019-08-01 | CVE-2018-20891 | Improper Input Validation vulnerability in Cpanel cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). | 5.5 |
| 2019-08-01 | CVE-2018-20890 | Improper Access Control vulnerability in Cpanel cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | 4.3 |
| 2019-08-01 | CVE-2018-20889 | Information Exposure vulnerability in Cpanel cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | 4.4 |
| 2019-08-01 | CVE-2018-20888 | Improper Authentication vulnerability in Cpanel cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | 5.5 |
| 2019-08-01 | CVE-2018-20886 | Insecure Storage of Sensitive Information vulnerability in Cpanel cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | 5.3 |
| 2019-08-01 | CVE-2018-20885 | Injection vulnerability in Cpanel cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | 5.3 |
| 2019-08-01 | CVE-2018-20884 | Cross-site Scripting vulnerability in Cpanel cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). | 5.4 |