Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cpanel
(Cpanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 415 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-17 | CVE-2019-20493 | cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). | Cpanel | N/A | ||
| 2020-02-10 | CVE-2012-6449 | The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability. | Cpanel, Whm | N/A | ||
| 2017-03-03 | CVE-2017-5614 | Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17375 | cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17380 | cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17379 | cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17378 | cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17377 | cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17376 | cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). | Cpanel | N/A | ||
| 2019-08-02 | CVE-2017-18429 | In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | Cpanel | N/A |