cPanel prior to 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
cpanel cpanel