Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-30 CVE-2018-20868 Cross-site Scripting vulnerability in Cpanel
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
network
low complexity
cpanel CWE-79
6.1
2019-07-30 CVE-2018-20866 Cross-site Scripting vulnerability in Cpanel
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
network
low complexity
cpanel CWE-79
6.1
2019-07-30 CVE-2018-20865 Cross-site Scripting vulnerability in Cpanel
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
network
low complexity
cpanel CWE-79
6.1
2019-07-30 CVE-2018-20864 Improper Input Validation vulnerability in Cpanel
cPanel before 76.0.8 allows Virtual FTP accounts to persist after removal of their associated domain (SEC-454).
network
low complexity
cpanel CWE-20
6.5
2019-07-30 CVE-2018-20867 Open Redirect vulnerability in Cpanel
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).
network
low complexity
cpanel CWE-601
6.1
2019-07-30 CVE-2019-14390 Cross-site Scripting vulnerability in Cpanel
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).
network
low complexity
cpanel CWE-79
5.4
2019-07-30 CVE-2019-14387 Cross-site Scripting vulnerability in Cpanel
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
network
low complexity
cpanel CWE-79
6.1
2019-07-30 CVE-2019-14386 Cross-site Scripting vulnerability in Cpanel
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
network
low complexity
cpanel CWE-79
5.4
2018-08-30 CVE-2018-16236 Cross-site Scripting vulnerability in Cpanel
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
network
low complexity
cpanel CWE-79
6.1
2017-07-19 CVE-2017-11441 Cross-site Scripting vulnerability in Cpanel WHM
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
network
low complexity
cpanel CWE-79
5.4