| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). |
| In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). |
| cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). |
| cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). |
| cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). |
| cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). |
| The email quota cache in cPanel before 90.0.10 allows overwriting of files. |
| cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). |
| cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). |
| cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). |
| cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). |
| cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). |
| cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). |
| In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). |
| In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). |
| In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). |
| In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). |
| In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). |
| chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). |
| cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). |
