Vulnerabilities > Cpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-07-01 | CVE-2009-2275 | Path Traversal vulnerability in Cpanel Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2008-05-01 | CVE-2008-2043 | Cross-Site Request Forgery (CSRF) vulnerability in Cpanel 11.18.3/11.19.3 Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. | 4.3 |
| 2008-03-25 | CVE-2008-1499 | Cross-Site Scripting vulnerability in Cpanel 11.18.3/11.21 Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
| 2008-01-22 | CVE-2008-0370 | Cross-Site Scripting vulnerability in Cpanel 11.16 Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. | 4.3 |
| 2007-07-26 | CVE-2007-4022 | Cross-Site Scripting vulnerability in Cpanel 10.9.1 Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter. network cpanel | 4.3 |
| 2007-06-22 | CVE-2007-3366 | Path Disclosure And Cross-Site Scripting vulnerability in CPanel SCGIwrap Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. network cpanel | 4.3 |
| 2007-02-12 | CVE-2007-0890 | Cross-Site Scripting vulnerability in CPanel PassWDMySQL Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. network cpanel | 4.3 |
| 2006-12-14 | CVE-2006-6523 | Cross-Site Scripting vulnerability in Cpanel 11 Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. network cpanel | 6.8 |
| 2006-12-01 | CVE-2006-6198 | Cross-Site Scripting vulnerability in Cpanel Webhost Manager 3.1.0 Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park. network cpanel | 6.0 |
| 2006-10-26 | CVE-2006-5535 | Cross-Site Scripting vulnerability in Cpanel 10.9.0R50 Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. network cpanel | 4.3 |