cPanel: Security Vulnerabilities, CVEs, CVSS score between 6 and 6.99
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Max CVSS: 6.1 | EPSS Score: 0.33% | Published: 2023-04-27 | Updated: 2023-05-05
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2021-04-26 | Updated: 2021-05-06
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-11-27 | Updated: 2020-12-01
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Max CVSS: 6.5 | EPSS Score: 0.11% | Published: 2020-11-27 | Updated: 2022-04-26
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-25
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-25
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-29
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-29
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-25 | Updated: 2020-09-29
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2020-03-17 | Updated: 2021-07-21
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-03-17 | Updated: 2020-03-19
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-03-17 | Updated: 2020-03-19
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2020-03-17 | Updated: 2021-07-21
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-03-17 | Updated: 2020-03-18
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-10-09 | Updated: 2019-10-09
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-10-09 | Updated: 2019-10-09
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-10-09 | Updated: 2019-10-09
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-10-09 | Updated: 2019-10-09
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-10-09 | Updated: 2019-10-09
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-07-30 | Updated: 2019-07-30
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-07-30 | Updated: 2019-07-30
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-08-01 | Updated: 2019-08-08
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2019-08-01 | Updated: 2019-08-08
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-08-01 | Updated: 2019-08-07
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-08-01 | Updated: 2019-08-07