cPanel vulnerabilities and exploits

4.3
CVSSv2
CVE-2008-1499

Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string....

Cpanel
3.5
CVSSv2
CVE-2017-18408

cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282)....

5
CVSSv2
CVE-2016-10791

cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559)....

4.3
CVSSv2
CVE-2017-18399

cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332)....

6.5
CVSSv2
CVE-2016-10814

cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119)....

5.5
CVSSv2
CVE-2016-10839

cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71)....

2.1
CVSSv2
CVE-2016-10799

cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137)....

7.2
CVSSv2
CVE-2017-18400

cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333)....

6.5
CVSSv2
CVE-2017-18475

In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204)....

4.3
CVSSv2
CVE-2019-14406

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)....