CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14387
https://notcve.org/view.php?id=CVE-2019-14387
30 Jul 2019 — cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). cPanel anterior a versión 82.0.2, presenta una vulnerabilidad de tipo XSS Propia en las plantillas maestras del cPanel y webmail (SEC-506). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14386
https://notcve.org/view.php?id=CVE-2019-14386
30 Jul 2019 — cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). cPanel anterior a versión 82.0.2, presenta un XSS almacenado en la interfaz de WHM Tomcat Manager (SEC-504). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16236
https://notcve.org/view.php?id=CVE-2018-16236
30 Aug 2018 — cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. cPanel hasta la versión 74 permite Cross-Site Scripting (XSS) mediante un nombre de archivo manipulado en el subdirectorio logs de una cuenta de usuario, debido a que el nombre de archivo se gestiona de manera incorrecta durante el renderizado de frontend/THEME/raw/index.html. • https://cxsecurity.com/issue/WLB-2018080093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5614
https://notcve.org/view.php?id=CVE-2017-5614
03 Mar 2017 — Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. Vulnerabilidad de redirección abierta en cgiemail y cgiecho permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores que involucran el parámetro (1) success o (2) failure. • http://www.openwall.com/lists/oss-security/2017/01/28/8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 2CVE-2009-4823 – cPanel 11.x - 'fileop' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4823
27 Apr 2010 — Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en frontend/x3/files/fileop.html en cPanel 11.0 a 11.24.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "fileop". • https://www.exploit-db.com/exploits/33417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 3CVE-2008-7142 – cPanel 11.18.3 - List Directories and Folders Information Disclosure
https://notcve.org/view.php?id=CVE-2008-7142
01 Sep 2009 — Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter. Vulnerabilidad de salto de directorio absoluto en el módulo isk Usage (frontend/x/diskusage/index.html) en cPanel v11.18.3 permite a atacantes remotos listar directorios arbitrariamente a través del parámetro showtree. • https://www.exploit-db.com/exploits/31439 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 2CVE-2008-6843 – Fantastico - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6843
02 Jul 2009 — Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter. Vulnerabilidad de salto de directorio en index.php en Fantastico, utilizado con cPanel v11.x, permite a los atacantes remotos leer arbitrariamente archivos a través de ..(punto punto) en el parámetro sup3r. • https://www.exploit-db.com/exploits/32632 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 2CVE-2008-2478 – cPanel 11.21 - 'wwwact' Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-2478
28 May 2008 — scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel. ** CUESTIONADA ** scripts/wwwacct en cPanel 11.18.6 STABLE y anteriores, y 11.23.1 CURRENT y anteriores, permite a usuarios autenti... • https://www.exploit-db.com/exploits/31807 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 4CVE-2008-2070 – cPanel 11.x - '/scripts2/changeip?user' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2070
09 May 2008 — The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors. La interfaz WHM 11.15.0 para cPanel 11.18 anterior a 11.18.4 y 11.22 anterior a 11.22.3 permite a atacantes remotos evi... • https://www.exploit-db.com/exploits/31772 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2008-2071
https://notcve.org/view.php?id=CVE-2008-2071
09 May 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en la interfaz WHM 11.15.0 para cPanel 11.18 anterior a 11.18.4 y 11.22 anterior a 11.22.3 permite a atacantes remotos realizar acciones si... • http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 • CWE-352: Cross-Site Request Forgery (CSRF) •