Total
417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20919 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). | |||||
| CVE-2018-20920 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). | |||||
| CVE-2018-20921 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). | |||||
| CVE-2018-20922 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). | |||||
| CVE-2018-20923 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). | |||||
| CVE-2018-20870 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 2.1 LOW | 5.5 MEDIUM |
| The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | |||||
| CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | |||||
| CVE-2018-20864 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454). | |||||
| CVE-2018-20863 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | |||||
| CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | |||||
| CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | |||||
| CVE-2018-20866 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). | |||||
| CVE-2018-20868 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). | |||||
| CVE-2019-14410 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 2.1 LOW | 3.3 LOW |
| Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). | |||||
| CVE-2019-14412 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 2.1 LOW | 3.3 LOW |
| Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). | |||||
| CVE-2019-14406 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | |||||
| CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | |||||
| CVE-2019-14387 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | |||||
| CVE-2019-14386 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | |||||
| CVE-2019-14390 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | |||||