Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2016-10860 Improper Access Control vulnerability in Cpanel
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
network
low complexity
cpanel CWE-284
5.5
2019-08-01 CVE-2016-10859 Improper Authorization vulnerability in Cpanel
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).
network
low complexity
cpanel CWE-285
5.5
2019-08-01 CVE-2016-10857 Improper Access Control vulnerability in Cpanel
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
network
low complexity
cpanel CWE-284
4.0
2019-08-01 CVE-2016-10856 Improper Access Control vulnerability in Cpanel
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
network
low complexity
cpanel CWE-284
4.0
2019-08-01 CVE-2016-10852 Improper Access Control vulnerability in Cpanel
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
network
low complexity
cpanel CWE-284
4.0
2019-08-01 CVE-2015-9291 Improper Access Control vulnerability in Cpanel
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
network
low complexity
cpanel CWE-284
5.0
2019-08-01 CVE-2018-20900 Cross-site Scripting vulnerability in Cpanel
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
network
cpanel CWE-79
4.3
2019-08-01 CVE-2018-20899 Cross-site Scripting vulnerability in Cpanel
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
network
cpanel CWE-79
4.3
2019-08-01 CVE-2018-20898 Injection vulnerability in Cpanel
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
network
low complexity
cpanel CWE-74
4.0
2019-08-01 CVE-2018-20895 Improper Input Validation vulnerability in Cpanel
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
network
low complexity
cpanel CWE-20
6.5