CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17376
https://notcve.org/view.php?id=CVE-2019-17376
09 Oct 2019 — cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS propio en la interfaz SSL Certificate Upload (SEC-521). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17375
https://notcve.org/view.php?id=CVE-2019-17375
09 Oct 2019 — cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). cPanel versiones anteriores a 82.0.15, permite que las credenciales de token de la API persistan después de que una cuenta ha sido renombrada o cancelada (SEC-517). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-613: Insufficient Session Expiration •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14391
https://notcve.org/view.php?id=CVE-2019-14391
30 Jul 2019 — cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). cPanel anterior a versión 82.0.2, no aplica apropiadamente la creación de la ACL de paquetes Reseller (SEC-514). • https://documentation.cpanel.net/display/CL/82+Change+Log •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14390
https://notcve.org/view.php?id=CVE-2019-14390
30 Jul 2019 — cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). cPanel anterior a versión 82.0.2, ha almacenado XSS en la interfaz de WHM Modify Account (SEC-512). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14389
https://notcve.org/view.php?id=CVE-2019-14389
30 Jul 2019 — cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). cPanel anterior a versión 82.0.2, permite a los usuarios locales descubrir la contraseña root de MySQL (SEC-510). • https://documentation.cpanel.net/display/CL/82+Change+Log •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14388
https://notcve.org/view.php?id=CVE-2019-14388
30 Jul 2019 — cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). cPanel anterior a versión 82.0.2, permite la creación de archivos no autenticados porque el análisis de registros Exim es manejado inapropiadamente (SEC-507). • https://documentation.cpanel.net/display/CL/82+Change+Log •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14387
https://notcve.org/view.php?id=CVE-2019-14387
30 Jul 2019 — cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). cPanel anterior a versión 82.0.2, presenta una vulnerabilidad de tipo XSS Propia en las plantillas maestras del cPanel y webmail (SEC-506). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14386
https://notcve.org/view.php?id=CVE-2019-14386
30 Jul 2019 — cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). cPanel anterior a versión 82.0.2, presenta un XSS almacenado en la interfaz de WHM Tomcat Manager (SEC-504). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •