Vulnerabilities > Cpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-30 | CVE-2018-20868 | Cross-site Scripting vulnerability in Cpanel cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). | 6.1 |
| 2019-07-30 | CVE-2018-20866 | Cross-site Scripting vulnerability in Cpanel cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). | 6.1 |
| 2019-07-30 | CVE-2018-20865 | Cross-site Scripting vulnerability in Cpanel cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | 6.1 |
| 2019-07-30 | CVE-2018-20864 | Improper Input Validation vulnerability in Cpanel cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454). | 6.5 |
| 2019-07-30 | CVE-2018-20867 | Open Redirect vulnerability in Cpanel cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | 6.1 |
| 2019-07-30 | CVE-2019-14390 | Cross-site Scripting vulnerability in Cpanel cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | 5.4 |
| 2019-07-30 | CVE-2019-14387 | Cross-site Scripting vulnerability in Cpanel cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | 6.1 |
| 2019-07-30 | CVE-2019-14386 | Cross-site Scripting vulnerability in Cpanel cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | 5.4 |
| 2018-08-30 | CVE-2018-16236 | Cross-site Scripting vulnerability in Cpanel cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. | 6.1 |
| 2017-07-19 | CVE-2017-11441 | Cross-site Scripting vulnerability in Cpanel WHM The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. | 5.4 |