Whm
by CPanel
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41940 | Cri | 0.92 | 9.8 | 0.98 | KEV | Apr 29, 2026 | cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | |
| CVE-2017-11441 | Med | 0.35 | 5.4 | 0.01 | Jul 19, 2017 | The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. | ||
| CVE-2008-2070 | 0.03 | — | 0.02 | May 12, 2008 | The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase,… | |||
| CVE-2021-38585 | 0.00 | — | 0.01 | Aug 11, 2021 | The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). | |||
| CVE-2012-6449 | 0.00 | — | 0.01 | Feb 10, 2020 | The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability. | |||
| CVE-2019-17380 | 0.00 | — | 0.01 | Oct 9, 2019 | cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). | |||
| CVE-2017-18456 | 0.00 | — | 0.01 | Aug 2, 2019 | cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | |||
| CVE-2018-20919 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). | |||
| CVE-2018-20910 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). | |||
| CVE-2008-2071 | 0.00 | — | 0.01 | May 12, 2008 | Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other… |
- risk 0.92cvss 9.8epss 0.98
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
- risk 0.35cvss 5.4epss 0.01
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
- CVE-2008-2070May 12, 2008risk 0.03cvss —epss 0.02
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase,…
- CVE-2021-38585Aug 11, 2021risk 0.00cvss —epss 0.01
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
- CVE-2012-6449Feb 10, 2020risk 0.00cvss —epss 0.01
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability.
- CVE-2019-17380Oct 9, 2019risk 0.00cvss —epss 0.01
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
- CVE-2017-18456Aug 2, 2019risk 0.00cvss —epss 0.01
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).
- CVE-2018-20919Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
- CVE-2018-20910Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
- CVE-2008-2071May 12, 2008risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other…