CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14386
https://notcve.org/view.php?id=CVE-2019-14386
30 Jul 2019 — cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). cPanel anterior a versión 82.0.2, presenta un XSS almacenado en la interfaz de WHM Tomcat Manager (SEC-504). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16236
https://notcve.org/view.php?id=CVE-2018-16236
30 Aug 2018 — cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. cPanel hasta la versión 74 permite Cross-Site Scripting (XSS) mediante un nombre de archivo manipulado en el subdirectorio logs de una cuenta de usuario, debido a que el nombre de archivo se gestiona de manera incorrecta durante el renderizado de frontend/THEME/raw/index.html. • https://cxsecurity.com/issue/WLB-2018080093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 2CVE-2009-4823 – cPanel 11.x - 'fileop' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4823
27 Apr 2010 — Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en frontend/x3/files/fileop.html en cPanel 11.0 a 11.24.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "fileop". • https://www.exploit-db.com/exploits/33417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 3CVE-2008-7142 – cPanel 11.18.3 - List Directories and Folders Information Disclosure
https://notcve.org/view.php?id=CVE-2008-7142
01 Sep 2009 — Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter. Vulnerabilidad de salto de directorio absoluto en el módulo isk Usage (frontend/x/diskusage/index.html) en cPanel v11.18.3 permite a atacantes remotos listar directorios arbitrariamente a través del parámetro showtree. • https://www.exploit-db.com/exploits/31439 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 2CVE-2008-6843 – Fantastico - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6843
02 Jul 2009 — Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter. Vulnerabilidad de salto de directorio en index.php en Fantastico, utilizado con cPanel v11.x, permite a los atacantes remotos leer arbitrariamente archivos a través de ..(punto punto) en el parámetro sup3r. • https://www.exploit-db.com/exploits/32632 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 2CVE-2008-2478 – cPanel 11.21 - 'wwwact' Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-2478
28 May 2008 — scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel. ** CUESTIONADA ** scripts/wwwacct en cPanel 11.18.6 STABLE y anteriores, y 11.23.1 CURRENT y anteriores, permite a usuarios autenti... • https://www.exploit-db.com/exploits/31807 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 4CVE-2008-2070 – cPanel 11.x - '/scripts2/changeip?user' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2070
09 May 2008 — The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors. La interfaz WHM 11.15.0 para cPanel 11.18 anterior a 11.18.4 y 11.22 anterior a 11.22.3 permite a atacantes remotos evi... • https://www.exploit-db.com/exploits/31772 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2008-2071
https://notcve.org/view.php?id=CVE-2008-2071
09 May 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en la interfaz WHM 11.15.0 para cPanel 11.18 anterior a 11.18.4 y 11.22 anterior a 11.22.3 permite a atacantes remotos realizar acciones si... • http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2008-2043
https://notcve.org/view.php?id=CVE-2008-2043
01 May 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en cPanel, posiblemente 11.18.3 y 11.19.3, permite a los ... • http://secunia.com/advisories/30027 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2008-1499 – cPanel 11.18.3/11.21 - 'manpage.html' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1499
25 Mar 2008 — Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en frontend/x/manpage.html de cPanel 11.18.3 y 11.21.0-BETA, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante una cadena de consulta. • https://www.exploit-db.com/exploits/31472 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •