Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-03 CVE-2017-5616 Cross-site Scripting vulnerability in Cpanel Cgiecho and Cgiemail
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.
network
low complexity
cpanel CWE-79
6.1
2017-03-03 CVE-2017-5615 Open Redirect vulnerability in Cpanel Cgiecho and Cgiemail
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
network
low complexity
cpanel CWE-601
6.1
2017-03-03 CVE-2017-5614 Open Redirect vulnerability in Cpanel
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
network
low complexity
cpanel CWE-601
6.1
2004-10-18 CVE-2004-1603 Link Following vulnerability in Cpanel 9.4.1
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
local
low complexity
cpanel CWE-59
5.5