Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Cpanel Subscribe
Total 425 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20923 1 Cpanel 1 Cpanel 2019-08-01 4.3 MEDIUM 6.1 MEDIUM
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
CVE-2018-20870 1 Cpanel 1 Cpanel 2019-07-31 2.1 LOW 5.5 MEDIUM
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).
CVE-2018-20869 1 Cpanel 1 Cpanel 2019-07-31 7.2 HIGH 7.8 HIGH
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
CVE-2018-20864 1 Cpanel 1 Cpanel 2019-07-31 6.4 MEDIUM 6.5 MEDIUM
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454).
CVE-2018-20863 1 Cpanel 1 Cpanel 2019-07-31 7.5 HIGH 9.8 CRITICAL
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).
CVE-2018-20867 1 Cpanel 1 Cpanel 2019-07-30 5.8 MEDIUM 6.1 MEDIUM
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).
CVE-2019-14403 1 Cpanel 1 Cpanel 2019-07-30 4.3 MEDIUM 4.3 MEDIUM
cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483).
CVE-2018-20866 1 Cpanel 1 Cpanel 2019-07-30 4.3 MEDIUM 6.1 MEDIUM
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
CVE-2018-20868 1 Cpanel 1 Cpanel 2019-07-30 4.3 MEDIUM 6.1 MEDIUM
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
CVE-2019-14410 1 Cpanel 1 Cpanel 2019-07-30 2.1 LOW 3.3 LOW
Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).
CVE-2019-14412 1 Cpanel 1 Cpanel 2019-07-30 2.1 LOW 3.3 LOW
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).
CVE-2019-14406 1 Cpanel 1 Cpanel 2019-07-30 4.3 MEDIUM 6.1 MEDIUM
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).
CVE-2018-20865 1 Cpanel 1 Cpanel 2019-07-30 4.3 MEDIUM 6.1 MEDIUM
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
CVE-2019-14387 1 Cpanel 1 Cpanel 2019-07-30 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
CVE-2019-14386 1 Cpanel 1 Cpanel 2019-07-30 3.5 LOW 5.4 MEDIUM
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
CVE-2019-14390 1 Cpanel 1 Cpanel 2019-07-30 3.5 LOW 5.4 MEDIUM
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).
CVE-2018-16236 1 Cpanel 1 Cpanel 2018-10-23 4.3 MEDIUM 6.1 MEDIUM
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
CVE-2006-0574 1 Cpanel 1 Cpanel 2018-10-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
CVE-2005-3505 1 Cpanel 1 Cpanel 2018-10-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.
CVE-2006-3337 1 Cpanel 1 Cpanel 2018-10-18 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.