National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): cpanel
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 388 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2012-6449

The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have an XSS vulnerability.

Published: February 10, 2020; 10:15:11 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2012-6448

Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 27, 2020; 05:15:10 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17380

cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17379

cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17378

cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17377

cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17376

cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17375

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).

Published: October 09, 2019; 12:15:15 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10812

In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).

Published: August 07, 2019; 09:15:13 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2016-10811

In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).

Published: August 07, 2019; 09:15:13 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2016-10810

In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2016-10809

In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2016-10808

In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2016-10807

cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2016-10806

cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2016-10805

cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10804

The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 8.1 HIGH
    V2: 8.7 HIGH
CVE-2016-10803

cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-10802

cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10801

cPanel before 58.0.4 has improper session handling for shared users (SEC-139).

Published: August 07, 2019; 09:15:12 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM