Cpanel: >> Cpanel >> 78.0.43 Security Vulnerabilities
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).
CVSS Score
7.2
EPSS Score
0.005
Published
2020-03-17
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
CVSS Score
5.3
EPSS Score
0.002
Published
2020-03-17
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
CVSS Score
9.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
CVSS Score
9.1
EPSS Score
0.003
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
CVSS Score
9.8
EPSS Score
0.028
Published
2020-03-17
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-09
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).
CVSS Score
5.3
EPSS Score
0.001
Published
2019-07-30
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).
CVSS Score
5.5
EPSS Score
0.0
Published
2019-07-30