Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cpanel vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2006-3337
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the file parameter.
Cpanel Cpanel
1 EDB exploit
4.3
CVSSv2
CVE-2008-6927
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote malicious users to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (...
Cpanel Cpanel
1 EDB exploit
8.5
CVSSv2
CVE-2008-2478
scripts/wwwacct in cPanel 11.18.6 STABLE and previous versions and 11.23.1 CURRENT and previous versions allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor...
Cpanel Cpanel
1 EDB exploit
4.3
CVSSv2
CVE-2007-3366
Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel prior to 10.9.1, and 11.x prior to 11.4.19-R14378, allows remote malicious users to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the detail...
Cpanel Cpanel
7.8
CVSSv2
CVE-2007-3367
Simple CGI Wrapper (scgiwrap) in cPanel prior to 10.9.1, and 11.x prior to 11.4.19-R14378, allows remote malicious users to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the deta...
Cpanel Cpanel
3.5
CVSSv2
CVE-2020-29135
cPanel prior to 90.0.17 has multiple instances of URL parameter injection (SEC-567).
Cpanel Cpanel
4
CVSSv2
CVE-2020-29136
In cPanel prior to 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Cpanel Cpanel
4.3
CVSSv2
CVE-2020-29137
cPanel prior to 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
Cpanel Cpanel
4.3
CVSSv2
CVE-2020-10113
cPanel prior to 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
Cpanel Cpanel
4.3
CVSSv2
CVE-2020-10114
cPanel prior to 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
Cpanel Cpanel
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »