Filtered by vendor Cpanel
Subscribe
Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6448 | 1 Cpanel | 1 Webhost Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-17375 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). | |||||
| CVE-2019-17380 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). | |||||
| CVE-2018-20905 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). | |||||
| CVE-2016-10855 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). | |||||
| CVE-2019-14407 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | |||||
| CVE-2019-14390 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | |||||
| CVE-2018-20868 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). | |||||
| CVE-2018-20935 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412). | |||||
| CVE-2016-10791 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). | |||||
| CVE-2018-20934 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | |||||
| CVE-2016-10767 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). | |||||
| CVE-2017-18471 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | |||||
| CVE-2018-20919 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). | |||||
| CVE-2016-10820 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | |||||
| CVE-2018-20929 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). | |||||
| CVE-2016-10829 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | |||||
| CVE-2018-20892 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). | |||||
| CVE-2017-18417 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | |||||
| CVE-2017-18439 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). | |||||