cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.