CVE-2019-20493
https://notcve.org/view.php?id=CVE-2019-20493
17 Mar 2020 — cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20492
https://notcve.org/view.php?id=CVE-2019-20492
17 Mar 2020 — cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). • https://documentation.cpanel.net/display/CL/82+Change+Log
CVE-2019-20490
https://notcve.org/view.php?id=CVE-2019-20490
17 Mar 2020 — cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499). • https://documentation.cpanel.net/display/CL/82+Change+Log
CVE-2019-20491
https://notcve.org/view.php?id=CVE-2019-20491
16 Mar 2020 — cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). • https://documentation.cpanel.net/display/CL/82+Change+Log
CVE-2012-6449
https://notcve.org/view.php?id=CVE-2012-6449
10 Feb 2020 — The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have an XSS vulnerability. • https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-6448 – cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html?acct' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6448
27 Jan 2020 — Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • https://www.exploit-db.com/exploits/38153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-17380
https://notcve.org/view.php?id=CVE-2019-17380
09 Oct 2019 — cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-17379
https://notcve.org/view.php?id=CVE-2019-17379
09 Oct 2019 — cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-17378
https://notcve.org/view.php?id=CVE-2019-17378
09 Oct 2019 — cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-17377
https://notcve.org/view.php?id=CVE-2019-17377
09 Oct 2019 — cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')