Cpanel: >> Cpanel >> 11.54.0.34 Security Vulnerabilities
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-05
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
CVSS Score
6.5
EPSS Score
0.003
Published
2019-08-05
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-05
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
CVSS Score
6.5
EPSS Score
0.004
Published
2019-08-05
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
CVSS Score
8.8
EPSS Score
0.003
Published
2019-08-05
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-05
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
CVSS Score
2.7
EPSS Score
0.003
Published
2019-08-02
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-02
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-02
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-02