Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-30 CVE-2019-14397 Unspecified vulnerability in Cpanel
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).
network
low complexity
cpanel
5.0
2019-07-30 CVE-2019-14393 Unspecified vulnerability in Cpanel
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).
local
low complexity
cpanel
4.6
2019-07-30 CVE-2018-20868 Cross-site Scripting vulnerability in Cpanel
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
network
cpanel CWE-79
4.3
2019-07-30 CVE-2018-20866 Cross-site Scripting vulnerability in Cpanel
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
network
cpanel CWE-79
4.3
2019-07-30 CVE-2018-20865 Cross-site Scripting vulnerability in Cpanel
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
network
cpanel CWE-79
4.3
2019-07-30 CVE-2018-20864 Improper Input Validation vulnerability in Cpanel
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454).
network
low complexity
cpanel CWE-20
6.4
2019-07-30 CVE-2019-14392 Unspecified vulnerability in Cpanel
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
network
low complexity
cpanel
6.5
2019-07-30 CVE-2018-20867 Open Redirect vulnerability in Cpanel
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).
network
cpanel CWE-601
5.8
2019-07-30 CVE-2019-14388 Unspecified vulnerability in Cpanel
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).
network
low complexity
cpanel
5.0
2019-07-30 CVE-2019-14387 Cross-site Scripting vulnerability in Cpanel
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
network
cpanel CWE-79
4.3