CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cpanel : Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-14390 79 XSS 2019-07-30 2019-07-30
3.5
None Remote Medium Single system None Partial None
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).
2 CVE-2019-14386 79 XSS 2019-07-30 2019-07-30
3.5
None Remote Medium Single system None Partial None
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
3 CVE-2018-20935 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
4 CVE-2018-20933 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
5 CVE-2018-20916 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
6 CVE-2018-20915 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
7 CVE-2018-20913 200 +Info 2019-08-01 2019-08-02
3.5
None Remote Medium Single system Partial None None
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
8 CVE-2018-20909 254 2019-08-01 2019-08-07
3.6
None Local Low Not required Partial Partial None
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).
9 CVE-2018-20897 20 2019-08-01 2019-08-08
3.3
None Local Medium Not required None Partial Partial
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
10 CVE-2018-20896 94 2019-08-01 2019-08-07
3.3
None Local Medium Not required None Partial Partial
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
11 CVE-2018-20889 200 +Info 2019-08-01 2019-08-07
3.6
None Local Low Not required Partial Partial None
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
12 CVE-2018-20884 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
13 CVE-2018-20881 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
14 CVE-2018-20878 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
15 CVE-2018-20877 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
16 CVE-2018-20876 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
17 CVE-2018-20875 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
18 CVE-2018-20874 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
19 CVE-2017-18481 79 XSS 2019-08-05 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
20 CVE-2017-18473 79 XSS 2019-08-05 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
21 CVE-2017-18471 79 XSS 2019-08-05 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
22 CVE-2017-18458 20 2019-08-02 2019-08-06
3.6
None Local Low Not required None Partial Partial
cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).
23 CVE-2017-18454 79 XSS 2019-08-02 2019-08-06
3.5
None Remote Medium Single system None Partial None
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).
24 CVE-2017-18437 74 Exec Code 2019-08-02 2019-08-09
3.6
None Local Low Not required Partial Partial None
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
25 CVE-2017-18420 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium Single system None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
26 CVE-2017-18419 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium Single system None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
27 CVE-2017-18418 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium Single system None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
28 CVE-2017-18417 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium Single system None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
29 CVE-2017-18416 284 2019-08-02 2019-08-12
3.6
None Local Low Not required None Partial Partial
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
30 CVE-2017-18408 79 XSS 2019-08-02 2019-08-12
3.5
None Remote Medium Single system None Partial None
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
31 CVE-2017-18402 79 XSS 2019-08-02 2019-08-13
3.5
None Remote Medium Single system None Partial None
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
32 CVE-2017-11441 79 XSS 2017-07-19 2017-08-15
3.5
None Remote Medium Single system None Partial None
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
33 CVE-2016-10854 79 XSS 2019-08-01 2019-08-05
3.5
None Remote Medium Single system None Partial None
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
34 CVE-2016-10853 79 XSS 2019-08-01 2019-08-08
3.5
None Remote Medium Single system None Partial None
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
35 CVE-2016-10851 79 XSS 2019-08-01 2019-08-05
3.5
None Remote Medium Single system None Partial None
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
36 CVE-2016-10827 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
37 CVE-2016-10822 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
38 CVE-2016-10813 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium Single system None Partial None
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
39 CVE-2016-10806 79 XSS 2019-08-07 2019-08-09
3.5
None Remote Medium Single system None Partial None
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
40 CVE-2016-10784 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).
41 CVE-2016-10783 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).
42 CVE-2016-10782 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).
43 CVE-2016-10781 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
44 CVE-2016-10780 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).
45 CVE-2016-10779 79 XSS 2019-08-06 2019-08-09
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
46 CVE-2016-10778 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
47 CVE-2016-10777 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
48 CVE-2016-10776 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
49 CVE-2016-10774 79 XSS 2019-08-05 2019-08-09
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
50 CVE-2016-10767 79 XSS 2019-08-05 2019-08-09
3.5
None Remote Medium Single system None Partial None
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
Total number of vulnerabilities : 53   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.