Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK

2019-10-09 CVE-2019-17376 Cross-site Scripting vulnerability in Cpanel
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
network; cpanel CWE-79; 4.3

2019-10-09 CVE-2019-17375 Insufficient Session Expiration vulnerability in Cpanel
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
network; low complexity; cpanel CWE-613; 6.5

2019-08-07 CVE-2016-10807 Improper Input Validation vulnerability in Cpanel
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).
network; low complexity; cpanel CWE-20; 4.0

2019-08-07 CVE-2016-10805 Improper Input Validation vulnerability in Cpanel
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
network; low complexity; cpanel CWE-20; 6.5

2019-08-07 CVE-2016-10803 CRLF Injection vulnerability in Cpanel
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
network; low complexity; cpanel CWE-93; 5.0

2019-08-07 CVE-2016-10802 Improper Access Control vulnerability in Cpanel
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
network; low complexity; cpanel CWE-284; 6.5

2019-08-07 CVE-2016-10801 Injection vulnerability in Cpanel
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
network; low complexity; cpanel CWE-74; 6.5

2019-08-07 CVE-2016-10800 Improper Input Validation vulnerability in Cpanel
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).
network; cpanel CWE-20; 6.8

2019-08-07 CVE-2016-10798 Race Condition vulnerability in Cpanel
cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).
network; cpanel CWE-362; 4.9

2019-08-06 CVE-2016-10797 Information Exposure vulnerability in Cpanel
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133).
network; low complexity; cpanel CWE-200; 4.0