cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-07-30
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
CVSS Score
6.1
EPSS Score
0.003
Published
2019-07-30
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).
CVSS Score
7.5
EPSS Score
0.005
Published
2019-07-30
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).
CVSS Score
7.8
EPSS Score
0.0
Published
2019-07-30
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-07-30
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).
CVSS Score
3.3
EPSS Score
0.001
Published
2019-07-30
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-08-30
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-03-03
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
CVSS Score
4.3
EPSS Score
0.014
Published
2010-04-27
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
CVSS Score
5.0
EPSS Score
0.017
Published
2009-09-01