Cpanel
by CPanel
CVEs (413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18473 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | |||
| CVE-2017-18472 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). | |||
| CVE-2017-18471 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | |||
| CVE-2017-18470 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). | |||
| CVE-2017-18469 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | |||
| CVE-2017-18468 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | |||
| CVE-2017-18467 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | |||
| CVE-2017-18465 | 0.00 | — | 0.00 | Aug 5, 2019 | cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). | |||
| CVE-2017-18466 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | |||
| CVE-2017-18464 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). | |||
| CVE-2017-18462 | 0.00 | — | 0.01 | Aug 5, 2019 | cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | |||
| CVE-2017-18463 | 0.00 | — | 0.00 | Aug 2, 2019 | cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | |||
| CVE-2017-18461 | 0.00 | — | 0.01 | Aug 2, 2019 | cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). | |||
| CVE-2017-18460 | 0.00 | — | 0.00 | Aug 2, 2019 | cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | |||
| CVE-2017-18459 | 0.00 | — | 0.00 | Aug 2, 2019 | cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | |||
| CVE-2017-18458 | 0.00 | — | 0.00 | Aug 2, 2019 | cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). | |||
| CVE-2017-18457 | 0.00 | — | 0.00 | Aug 2, 2019 | cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | |||
| CVE-2017-18456 | 0.00 | — | 0.01 | Aug 2, 2019 | cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | |||
| CVE-2017-18455 | 0.00 | — | 0.01 | Aug 2, 2019 | In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | |||
| CVE-2017-18454 | 0.00 | — | 0.01 | Aug 2, 2019 | cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). |
- CVE-2017-18473Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
- CVE-2017-18472Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).
- CVE-2017-18471Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
- CVE-2017-18470Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
- CVE-2017-18469Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
- CVE-2017-18468Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
- CVE-2017-18467Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).
- CVE-2017-18465Aug 5, 2019risk 0.00cvss —epss 0.00
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).
- CVE-2017-18466Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
- CVE-2017-18464Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).
- CVE-2017-18462Aug 5, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224).
- CVE-2017-18463Aug 2, 2019risk 0.00cvss —epss 0.00
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).
- CVE-2017-18461Aug 2, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223).
- CVE-2017-18460Aug 2, 2019risk 0.00cvss —epss 0.00
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).
- CVE-2017-18459Aug 2, 2019risk 0.00cvss —epss 0.00
cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).
- CVE-2017-18458Aug 2, 2019risk 0.00cvss —epss 0.00
cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).
- CVE-2017-18457Aug 2, 2019risk 0.00cvss —epss 0.00
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).
- CVE-2017-18456Aug 2, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).
- CVE-2017-18455Aug 2, 2019risk 0.00cvss —epss 0.01
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).
- CVE-2017-18454Aug 2, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).
Page 8 of 21