CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16236
https://notcve.org/view.php?id=CVE-2018-16236
30 Aug 2018 — cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. cPanel hasta la versión 74 permite Cross-Site Scripting (XSS) mediante un nombre de archivo manipulado en el subdirectorio logs de una cuenta de usuario, debido a que el nombre de archivo se gestiona de manera incorrecta durante el renderizado de frontend/THEME/raw/index.html. • https://cxsecurity.com/issue/WLB-2018080093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 2CVE-2009-4823 – cPanel 11.x - 'fileop' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4823
27 Apr 2010 — Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en frontend/x3/files/fileop.html en cPanel 11.0 a 11.24.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "fileop". • https://www.exploit-db.com/exploits/33417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 2CVE-2008-6843 – Fantastico - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6843
02 Jul 2009 — Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter. Vulnerabilidad de salto de directorio en index.php en Fantastico, utilizado con cPanel v11.x, permite a los atacantes remotos leer arbitrariamente archivos a través de ..(punto punto) en el parámetro sup3r. • https://www.exploit-db.com/exploits/32632 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 2CVE-2008-2478 – cPanel 11.21 - 'wwwact' Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-2478
28 May 2008 — scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel. ** CUESTIONADA ** scripts/wwwacct en cPanel 11.18.6 STABLE y anteriores, y 11.23.1 CURRENT y anteriores, permite a usuarios autenti... • https://www.exploit-db.com/exploits/31807 • CWE-94: Improper Control of Generation of Code ('Code Injection') •