Security Vulnerabilities - CVEs Published In March 2020
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
CVSS Score
5.4
EPSS Score
0.011
Published
2020-03-17
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
CVSS Score
3.3
EPSS Score
0.001
Published
2020-03-17
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
CVSS Score
6.5
EPSS Score
0.004
Published
2020-03-17
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
CVSS Score
5.5
EPSS Score
0.001
Published
2020-03-17
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
CVSS Score
5.4
EPSS Score
0.004
Published
2020-03-17
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
CVSS Score
9.8
EPSS Score
0.002
Published
2020-03-17
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).
CVSS Score
7.2
EPSS Score
0.005
Published
2020-03-17
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
CVSS Score
5.3
EPSS Score
0.002
Published
2020-03-17