Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2018-20899 Cross-site Scripting vulnerability in Cpanel
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
network
low complexity
cpanel CWE-79
6.1
2019-08-01 CVE-2018-20898 Injection vulnerability in Cpanel
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
network
low complexity
cpanel CWE-74
4.3
2019-08-01 CVE-2018-20892 Unspecified vulnerability in Cpanel
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
network
low complexity
cpanel
4.3
2019-08-01 CVE-2018-20891 Improper Input Validation vulnerability in Cpanel
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
local
low complexity
cpanel CWE-20
5.5
2019-08-01 CVE-2018-20890 Improper Access Control vulnerability in Cpanel
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
network
low complexity
cpanel CWE-284
4.3
2019-08-01 CVE-2018-20889 Information Exposure vulnerability in Cpanel
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
local
low complexity
cpanel CWE-200
4.4
2019-08-01 CVE-2018-20888 Improper Authentication vulnerability in Cpanel
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).
local
low complexity
cpanel CWE-287
5.5
2019-08-01 CVE-2018-20886 Insecure Storage of Sensitive Information vulnerability in Cpanel
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).
local
low complexity
cpanel CWE-922
5.3
2019-08-01 CVE-2018-20885 Injection vulnerability in Cpanel
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).
network
low complexity
cpanel CWE-74
5.3
2019-08-01 CVE-2018-20884 Cross-site Scripting vulnerability in Cpanel
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
network
low complexity
cpanel CWE-79
5.4