An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Max CVSS
6.1
EPSS Score
0.33%
Published
2023-04-27
Updated
2023-05-05
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-04-26
Updated
2021-05-06
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-11-27
Updated
2020-12-01
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Max CVSS
6.5
EPSS Score
0.11%
Published
2020-11-27
Updated
2022-04-26
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-25
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-25
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-29
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-29
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-09-25
Updated
2020-09-29
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
Max CVSS
6.5
EPSS Score
0.09%
Published
2020-03-17
Updated
2021-07-21
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-03-17
Updated
2020-03-19
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-03-17
Updated
2020-03-19
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
Max CVSS
6.5
EPSS Score
0.07%
Published
2020-03-17
Updated
2021-07-21
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-03-17
Updated
2020-03-18
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-09
Updated
2019-10-09
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-09
Updated
2019-10-09
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-09
Updated
2019-10-09
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-09
Updated
2019-10-09
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-09
Updated
2019-10-09
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-30
Updated
2019-07-30
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-30
Updated
2019-07-30
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-08-01
Updated
2019-08-08
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
Max CVSS
6.5
EPSS Score
0.07%
Published
2019-08-01
Updated
2019-08-08
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-08-01
Updated
2019-08-07
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-08-01
Updated
2019-08-07
105 vulnerabilities found