CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2012-6448 – cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html?acct' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6448
27 Jan 2020 — Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en cPanel WebHost Manager (WHM) versión 11.34.0, permite a atacantes remotos inyectar script web o HTML arbitrario, por medio de vectores no especificados. • https://www.exploit-db.com/exploits/38153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 2CVE-2007-0890 – cPanel 11 - PassWDMySQL Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0890
12 Feb 2007 — Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en scripts/passwdmysql en cPanel WebHost Manager (WHM) 11.0.0 y anteriores permite a un atacante remoto inyectar secuencias de comandos web o HTML a través del parámetro password. • https://www.exploit-db.com/exploits/29572 •
CVSS: 9.1EPSS: 10%CPEs: 1EXPL: 2CVE-2007-0854
https://notcve.org/view.php?id=CVE-2007-0854
08 Feb 2007 — Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents. Una vulnerabilidad de inclusión remota de archivos en scripts2/objcache en WebHost Manager (WHM) de cPanel permite a los atacant... • http://changelog.cpanel.net/index.cgi • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6548
https://notcve.org/view.php?id=CVE-2006-6548
14 Dec 2006 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel WebHost Manager (WHM) 3.1.0 permite a atacantes remotos autent... • http://securityreason.com/securityalert/2027 •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 9CVE-2006-6198 – cPanel WebHost Manager 3.1 - 'addon_configsupport.cgi?supporturl' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6198
01 Dec 2006 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/p... • https://www.exploit-db.com/exploits/29183 •