Cpanel: >> Cpanel >> 11.54.0.30 Security Vulnerabilities
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
CVSS Score
7.5
EPSS Score
0.006
Published
2020-09-25
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
CVSS Score
7.2
EPSS Score
0.054
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
CVSS Score
9.8
EPSS Score
0.028
Published
2020-03-17
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-09
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
CVSS Score
8.8
EPSS Score
0.009
Published
2019-08-06
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
CVSS Score
8.8
EPSS Score
0.01
Published
2019-08-06
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-06
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-06
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-06
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-06