CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16236
https://notcve.org/view.php?id=CVE-2018-16236
30 Aug 2018 — cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. cPanel hasta la versión 74 permite Cross-Site Scripting (XSS) mediante un nombre de archivo manipulado en el subdirectorio logs de una cuenta de usuario, debido a que el nombre de archivo se gestiona de manera incorrecta durante el renderizado de frontend/THEME/raw/index.html. • https://cxsecurity.com/issue/WLB-2018080093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 2CVE-2008-2478 – cPanel 11.21 - 'wwwact' Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-2478
28 May 2008 — scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel. ** CUESTIONADA ** scripts/wwwacct en cPanel 11.18.6 STABLE y anteriores, y 11.23.1 CURRENT y anteriores, permite a usuarios autenti... • https://www.exploit-db.com/exploits/31807 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3366
https://notcve.org/view.php?id=CVE-2007-3366
22 Jun 2007 — Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, perm... • http://osvdb.org/35860 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3367
https://notcve.org/view.php?id=CVE-2007-3367
22 Jun 2007 — Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, permite a atacantes remotos obtener información confidencial mediante u... • http://osvdb.org/35861 •
CVSS: 9.0EPSS: 2%CPEs: 19EXPL: 1CVE-2006-5014 – cPanel 10.8.x - cpwrap via MySQLAdmin Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-5014
27 Sep 2006 — Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. Vulnerabilidad no especificada en cPanel anterior a 10.9.0 12 Tree permite a usuarios remotos autenticados obtener privilegios mediante vectores no especificados en (1) mysqladmin y (2) hooksadmin. • https://www.exploit-db.com/exploits/2466 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-3337 – cPanel 10 - Select.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3337
03 Jul 2006 — Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en frontend/x/files/select.html en cPanel v10.8.2-CURRENT 118 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "file". • https://www.exploit-db.com/exploits/28107 •
CVSS: 6.1EPSS: 1%CPEs: 13EXPL: 1CVE-2006-0573
https://notcve.org/view.php?id=CVE-2006-0573
07 Feb 2006 — Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html. Múltiples vulnerabilidades de XSS en cPanel 10 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante el p... • http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0025.html •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 2CVE-2005-2021 – cPanel 9.1 - 'User' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2021
20 Jun 2005 — Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page. • https://www.exploit-db.com/exploits/25846 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 3CVE-2004-2308 – cPanel 5/6/7/8/9 - 'dir' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2308
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html. • https://www.exploit-db.com/exploits/23806 •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 2CVE-2004-0490 – cPanel 5 < 9 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0490
03 Jun 2004 — cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529. cPanel, cuan... • https://www.exploit-db.com/exploits/24141 •