Vulnerabilities > Cpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-03 | CVE-2017-5616 | Cross-site Scripting vulnerability in Cpanel Cgiecho and Cgiemail Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. | 6.1 |
| 2017-03-03 | CVE-2017-5615 | Open Redirect vulnerability in Cpanel Cgiecho and Cgiemail cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. | 6.1 |
| 2017-03-03 | CVE-2017-5614 | Open Redirect vulnerability in Cpanel Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | 6.1 |
| 2004-10-18 | CVE-2004-1603 | Link Following vulnerability in Cpanel 9.4.1 cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | 5.5 |