2024

2023

2022

2021

2020

CVE-2020-26114 (v3: 6.1) 25 Sep 2020
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
CVE-2020-26115 (v3: 6.1) 25 Sep 2020
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
CVE-2020-10113 (v3: 6.1) 17 Mar 2020
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
CVE-2020-10114 (v3: 6.1) 17 Mar 2020
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).

2019

CVE-2019-20493 (v3: 6.1) 17 Mar 2020
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
CVE-2019-20497 (v3: 5.4) 17 Mar 2020
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
CVE-2019-17376 (v3: 6.1) 9 Oct 2019
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
CVE-2019-17377 (v3: 6.1) 9 Oct 2019
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
CVE-2019-17378 (v3: 6.1) 9 Oct 2019
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
CVE-2019-17379 (v3: 6.1) 9 Oct 2019
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
CVE-2019-17380 (v3: 6.1) 9 Oct 2019
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVE-2019-14406 (v3: 6.1) 30 Jul 2019
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).
CVE-2019-14386 (v3: 5.4) 30 Jul 2019
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
CVE-2019-14387 (v3: 6.1) 30 Jul 2019
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
CVE-2019-14390 (v3: 5.4) 30 Jul 2019
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).

2018

CVE-2018-20948 (v3: 6.1) 1 Aug 2019
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).
CVE-2018-20949 (v3: 6.1) 1 Aug 2019
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
CVE-2018-20950 (v3: 6.1) 1 Aug 2019
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
CVE-2018-20951 (v3: 6.1) 1 Aug 2019
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
CVE-2018-20953 (v3: 6.1) 1 Aug 2019
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
CVE-2018-20928 (v3: 6.1) 1 Aug 2019
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
CVE-2018-20933 (v3: 5.4) 1 Aug 2019
cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410).
CVE-2018-20935 (v3: 5.4) 1 Aug 2019
cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412).
CVE-2018-20901 (v3: 6.1) 1 Aug 2019
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
CVE-2018-20903 (v3: 6.1) 1 Aug 2019
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
CVE-2018-20910 (v3: 6.1) 1 Aug 2019
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
CVE-2018-20911 (v3: 7.2) 1 Aug 2019
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
CVE-2018-20915 (v3: 5.4) 1 Aug 2019
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
CVE-2018-20916 (v3: 5.4) 1 Aug 2019
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
CVE-2018-20918 (v3: 6.1) 1 Aug 2019
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
CVE-2018-20919 (v3: 6.1) 1 Aug 2019
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
CVE-2018-20920 (v3: 6.1) 1 Aug 2019
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
CVE-2018-20921 (v3: 6.1) 1 Aug 2019
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
CVE-2018-20922 (v3: 6.1) 1 Aug 2019
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
CVE-2018-20923 (v3: 6.1) 1 Aug 2019
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
CVE-2018-20899 (v3: 6.1) 1 Aug 2019
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
CVE-2018-20900 (v3: 6.1) 1 Aug 2019
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
CVE-2018-20874 (v3: 5.4) 1 Aug 2019
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
CVE-2018-20875 (v3: 5.4) 1 Aug 2019
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
CVE-2018-20876 (v3: 5.4) 1 Aug 2019
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
CVE-2018-20877 (v3: 5.4) 1 Aug 2019
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
CVE-2018-20878 (v3: 5.4) 1 Aug 2019
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
CVE-2018-20881 (v3: 5.4) 1 Aug 2019
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
CVE-2018-20884 (v3: 5.4) 1 Aug 2019
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
CVE-2018-20865 (v3: 6.1) 30 Jul 2019
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
CVE-2018-20866 (v3: 6.1) 30 Jul 2019
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
CVE-2018-20868 (v3: 6.1) 30 Jul 2019
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
CVE-2018-16236 (v3: 6.1) 30 Aug 2018
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.

2017

CVE-2017-18471 (v3: 5.4) 5 Aug 2019
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
CVE-2017-18472 (v3: 6.1) 5 Aug 2019
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).
CVE-2017-18473 (v3: 5.4) 5 Aug 2019
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
CVE-2017-18481 (v3: 5.4) 5 Aug 2019
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
CVE-2017-18454 (v3: 5.4) 2 Aug 2019
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).
CVE-2017-18456 (v3: 6.1) 2 Aug 2019
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).
CVE-2017-18417 (v3: 5.4) 2 Aug 2019
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
CVE-2017-18418 (v3: 5.4) 2 Aug 2019
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
CVE-2017-18419 (v3: 5.4) 2 Aug 2019
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
CVE-2017-18420 (v3: 5.4) 2 Aug 2019
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
CVE-2017-18402 (v3: 5.4) 2 Aug 2019
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
CVE-2017-18408 (v3: 5.4) 2 Aug 2019
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
CVE-2017-11441 (v3: 5.4) 19 Jul 2017
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
CVE-2017-5616 (v3: 6.1) 3 Mar 2017
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.

2016

CVE-2016-10806 (v3: 5.4) 7 Aug 2019
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
CVE-2016-10795 (v3: 6.1) 6 Aug 2019
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).
CVE-2016-10776 (v3: 5.4) 6 Aug 2019
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
CVE-2016-10777 (v3: 5.4) 6 Aug 2019
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
CVE-2016-10778 (v3: 5.4) 6 Aug 2019
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
CVE-2016-10779 (v3: 5.4) 6 Aug 2019
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
CVE-2016-10780 (v3: 5.4) 6 Aug 2019
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).
CVE-2016-10781 (v3: 5.4) 6 Aug 2019
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
CVE-2016-10782 (v3: 5.4) 6 Aug 2019
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).
CVE-2016-10783 (v3: 5.4) 6 Aug 2019
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).
CVE-2016-10784 (v3: 5.4) 6 Aug 2019
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).
CVE-2016-10767 (v3: 5.4) 5 Aug 2019
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
CVE-2016-10774 (v3: 5.4) 5 Aug 2019
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
CVE-2016-10813 (v3: 5.4) 1 Aug 2019
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
CVE-2016-10822 (v3: 5.4) 1 Aug 2019
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
CVE-2016-10827 (v3: 5.4) 1 Aug 2019
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
CVE-2016-10851 (v3: 5.4) 1 Aug 2019
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
CVE-2016-10853 (v3: 5.4) 1 Aug 2019
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
CVE-2016-10854 (v3: 5.4) 1 Aug 2019
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).

2015