CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2008-2043
https://notcve.org/view.php?id=CVE-2008-2043
01 May 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en cPanel, posiblemente 11.18.3 y 11.19.3, permite a los ... • http://secunia.com/advisories/30027 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2008-1499 – cPanel 11.18.3/11.21 - 'manpage.html' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1499
25 Mar 2008 — Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en frontend/x/manpage.html de cPanel 11.18.3 y 11.21.0-BETA, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante una cadena de consulta. • https://www.exploit-db.com/exploits/31472 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0370
https://notcve.org/view.php?id=CVE-2008-0370
22 Jan 2008 — Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en dohtaccess.html en cPanel anterior a 11.17 construcción 19417 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro rurl. NOTA: algunos de estos detal... • http://aria-security.net/forum/showthread.php?p=1238 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4022 – cPanel 10.9.1 - 'Resname' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4022
26 Jul 2007 — Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el frontend/x/htaccess/changepro.html del cPanel 10.9.1 permiten a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través del parámetro resname. • https://www.exploit-db.com/exploits/30380 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3366
https://notcve.org/view.php?id=CVE-2007-3366
22 Jun 2007 — Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, perm... • http://osvdb.org/35860 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3367
https://notcve.org/view.php?id=CVE-2007-3367
22 Jun 2007 — Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, permite a atacantes remotos obtener información confidencial mediante u... • http://osvdb.org/35861 •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 3CVE-2006-6523 – cPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6523
14 Dec 2006 — Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mail/manage.html en BoxTrapper en cPanel 11 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro account. • https://www.exploit-db.com/exploits/29237 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 4CVE-2006-5883 – cPanel 10 - 'newuser.html' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5883
14 Nov 2006 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel 10 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección mediante el (1) parámetro dir en (a) seldir.html, y los parámetros (2) user y (... • https://www.exploit-db.com/exploits/28983 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2006-5535 – cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5535
26 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. Vulnerabilidades múltiples de cruce de sitios en scripts (XSS) en WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 permiten a atacantes remotos inyectar scripts WEB o HTML mediante 1) parámetro theme en scripts/dosetmytheme y (2) parámetro... • https://www.exploit-db.com/exploits/28843 •
CVSS: 9.0EPSS: 2%CPEs: 19EXPL: 1CVE-2006-5014 – cPanel 10.8.x - cpwrap via MySQLAdmin Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-5014
27 Sep 2006 — Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. Vulnerabilidad no especificada en cPanel anterior a 10.9.0 12 Tree permite a usuarios remotos autenticados obtener privilegios mediante vectores no especificados en (1) mysqladmin y (2) hooksadmin. • https://www.exploit-db.com/exploits/2466 •