Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web panel vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-13387
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows malicious users to steal a cookie or session, or redirect to a phishing website.
Control-webpanel Webpanel 0.9.8.846
5.4
CVSSv3
CVE-2019-13476
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.
Control-webpanel Webpanel 0.9.8.837
4.8
CVSSv3
CVE-2019-11429
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
Control-webpanel Webpanel 0.9.8.793
Control-webpanel Webpanel 0.9.8.807
Control-webpanel Webpanel 0.9.8.753
1 EDB exploit
NA
CVE-2023-42121
Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw...
8.8
CVSSv3
CVE-2019-13477
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an malicious user to change the password for the root account.
Control-webpanel Webpanel 0.9.8.837
NA
CVE-2023-42120
Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specif...
NA
CVE-2023-42122
Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on...
NA
CVE-2023-42123
Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific...
NA
CVE-2008-4795
The links panel in Opera prior to 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote malicious users to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
Opera Opera 9.26
Opera Opera 9.20
Opera Opera 8.53
Opera Opera 9.10
Opera Opera 8.52
Opera Opera 8.51
Opera Opera 7.54
Opera Opera 8.0
Opera Opera 7.23
Opera Opera 7.50
Opera Opera 7.0
Opera Opera 7.03
Opera Opera 9.21
Opera Opera 9.02
Opera Opera 9.01
Opera Opera 8.50
Opera Opera 8.02
Opera Opera 7.21
Opera Opera 7.22
Opera Opera 7.02
Opera Opera 6
Opera Opera 6.04
1 EDB exploit
NA
CVE-2010-4331
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/setting...
Seopanel Seopanel 2.2.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »