CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-0574
https://notcve.org/view.php?id=CVE-2006-0574
07 Feb 2006 — Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type. • http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0062.html •
CVSS: 6.1EPSS: 43%CPEs: 2EXPL: 2CVE-2005-3505
https://notcve.org/view.php?id=CVE-2005-3505
05 Nov 2005 — Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 2CVE-2005-2021 – cPanel 9.1 - 'User' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2021
20 Jun 2005 — Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page. • https://www.exploit-db.com/exploits/25846 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 3CVE-2004-2308 – cPanel 5/6/7/8/9 - 'dir' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2308
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html. • https://www.exploit-db.com/exploits/23806 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2004-1603
https://notcve.org/view.php?id=CVE-2004-1603
18 Oct 2004 — cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. • http://marc.info/?l=bugtraq&m=109811572123753&w=2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1604
https://notcve.org/view.php?id=CVE-2004-1604
30 Sep 2004 — cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled. • http://marc.info/?l=bugtraq&m=109811762230326&w=2 •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 2CVE-2004-0490 – cPanel 5 < 9 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0490
03 Jun 2004 — cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529. cPanel, cuan... • https://www.exploit-db.com/exploits/24141 •
CVSS: 9.3EPSS: 27%CPEs: 1EXPL: 1CVE-2004-1875 – cPanel 10 - DNSlook.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1875
30 Mar 2004 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was lat... • https://www.exploit-db.com/exploits/29071 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2004-1849
https://notcve.org/view.php?id=CVE-2004-1849
24 Mar 2004 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html. • http://marc.info/?l=bugtraq&m=108006627005371&w=2 •
CVSS: 10.0EPSS: 26%CPEs: 12EXPL: 4CVE-2004-1769 – cPanel 5/6/7/8/9 - Resetpass Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1769
11 Mar 2004 — The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass. • https://www.exploit-db.com/exploits/23804 •