cPanel prior to 55.9999.141 allows malicious users to bypass a Security Policy by faking static documents (SEC-92).
cpanel cpanel