cPanel: Security Vulnerabilities, CVEs, CVSS score between 2 and 6.99
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Max CVSS: 6.1; EPSS Score: 0.33%; Published: 2023-04-27; Updated: 2023-05-05
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
Max CVSS: 5.5; EPSS Score: 0.04%; Published: 2021-08-11; Updated: 2022-05-03
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
Max CVSS: 4.4; EPSS Score: 0.04%; Published: 2021-08-11; Updated: 2021-08-20
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2021-04-26; Updated: 2021-05-06
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2020-11-27; Updated: 2020-12-01
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Max CVSS: 6.5; EPSS Score: 0.11%; Published: 2020-11-27; Updated: 2022-04-26
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
Max CVSS: 4.1; EPSS Score: 0.05%; Published: 2020-11-27; Updated: 2021-07-21
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2020-09-25; Updated: 2020-09-25
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2020-09-25; Updated: 2020-09-25
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2020-09-25; Updated: 2020-09-29
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2020-09-25; Updated: 2020-09-29
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2020-09-25; Updated: 2020-09-29
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505).
Max CVSS: 5.3; EPSS Score: 0.17%; Published: 2020-05-11; Updated: 2021-07-21
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
Max CVSS: 6.5; EPSS Score: 0.09%; Published: 2020-03-17; Updated: 2021-07-21
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
Max CVSS: 5.3; EPSS Score: 0.07%; Published: 2020-03-17; Updated: 2021-07-21
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2020-03-17; Updated: 2020-03-19
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2020-03-17; Updated: 2020-03-19
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
Max CVSS: 5.4; EPSS Score: 0.05%; Published: 2020-03-17; Updated: 2020-03-19
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
Max CVSS: 5.5; EPSS Score: 0.04%; Published: 2020-03-17; Updated: 2020-03-19
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
Max CVSS: 6.5; EPSS Score: 0.07%; Published: 2020-03-17; Updated: 2021-07-21
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
Max CVSS: 3.3; EPSS Score: 0.04%; Published: 2020-03-17; Updated: 2021-07-21
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2020-03-17; Updated: 2020-03-18
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
Max CVSS: 5.5; EPSS Score: 0.05%; Published: 2020-03-16; Updated: 2020-08-24
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2019-10-09; Updated: 2019-10-09
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2019-10-09; Updated: 2019-10-09