An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Max CVSS: 6.1 | EPSS Score: 0.33% | Published: 2023-04-27 | Updated: 2023-05-05
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2021-08-11 | Updated: 2022-05-03
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2021-08-11 | Updated: 2021-08-20
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2021-04-26 | Updated: 2021-05-06
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-11-27 | Updated: 2020-12-01
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Max CVSS: 6.5 | EPSS Score: 0.11% | Published: 2020-11-27 | Updated: 2022-04-26
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
Max CVSS: 4.1 | EPSS Score: 0.05% | Published: 2020-11-27 | Updated: 2021-07-21
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-25
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-25
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-29
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-29
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-29
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505).
Max CVSS: 5.3 | EPSS Score: 0.17% | Published: 2020-05-11 | Updated: 2021-07-21
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2020-03-17 | Updated: 2021-07-21
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
Max CVSS: 5.3 | EPSS Score: 0.07% | Published: 2020-03-17 | Updated: 2021-07-21
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-03-17 | Updated: 2020-03-19
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-03-17 | Updated: 2020-03-19
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2020-03-17 | Updated: 2020-03-19
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2020-03-17 | Updated: 2020-03-19
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2020-03-17 | Updated: 2021-07-21
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2020-03-17 | Updated: 2021-07-21
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-03-17 | Updated: 2020-03-18
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2020-03-16 | Updated: 2020-08-24
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-10-09 | Updated: 2019-10-09
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-10-09 | Updated: 2019-10-09
296 vulnerabilities found