Cpanel : Security Vulnerabilities, CVEs, CVSS score between 6 and 6.99

Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.

Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.

Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.

Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).

cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).

cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).

cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).

cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185).

cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186).

cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).

cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).

cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).

cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).

cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).

cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).

In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).

cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).

cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).

cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).

The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).

cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).