An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Max CVSS
6.1
EPSS Score
0.30%
Published
2023-04-27
Updated
2023-05-05
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
Max CVSS
5.5
EPSS Score
0.04%
Published
2021-08-11
Updated
2022-05-03
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
Max CVSS
8.1
EPSS Score
0.08%
Published
2021-08-11
Updated
2021-08-20
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
Max CVSS
8.1
EPSS Score
0.20%
Published
2021-08-11
Updated
2021-08-20
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
Max CVSS
7.5
EPSS Score
0.07%
Published
2021-08-11
Updated
2022-07-12
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
Max CVSS
4.4
EPSS Score
0.04%
Published
2021-08-11
Updated
2021-08-20
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
Max CVSS
7.2
EPSS Score
0.10%
Published
2021-08-11
Updated
2021-08-20
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
Max CVSS
7.2
EPSS Score
0.10%
Published
2021-08-11
Updated
2021-08-20
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-04-26
Updated
2021-05-06
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-01-26
Updated
2021-02-03
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-01-26
Updated
2021-02-03
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-11-27
Updated
2020-12-01
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Max CVSS
6.5
EPSS Score
0.11%
Published
2020-11-27
Updated
2022-04-26
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
Max CVSS
4.1
EPSS Score
0.05%
Published
2020-11-27
Updated
2021-07-21
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-25
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-25
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-29
The email quota cache in cPanel before 90.0.10 allows overwriting of files.
Max CVSS
7.5
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-29
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-29
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-29
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).
Max CVSS
7.5
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-29
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
Max CVSS
9.8
EPSS Score
0.43%
Published
2020-09-25
Updated
2020-09-29
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).
Max CVSS
7.5
EPSS Score
0.17%
Published
2020-09-25
Updated
2021-07-21
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).
Max CVSS
7.5
EPSS Score
0.17%
Published
2020-09-25
Updated
2021-07-21
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
Max CVSS
9.8
EPSS Score
0.31%
Published
2020-09-25
Updated
2021-07-21
424 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!