Cpanel

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-5616 1Cpanel 2Cgiecho Cgiemail May 13, 2026 Mar 3, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.
CVE-2017-5615 1Cpanel 2Cgiecho Cgiemail May 13, 2026 Mar 3, 2017 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
CVE-2017-5614 1Cpanel 1Cpanel May 13, 2026 Mar 3, 2017 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
CVE-2017-5613 1Cpanel 2Cgiecho Cgiemail May 13, 2026 Mar 3, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
CVE-2009-4823 1Cpanel 1Cpanel Apr 29, 2026 Apr 27, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
CVE-2008-7142 1Cpanel 1Cpanel Apr 23, 2026 Sep 1, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
CVE-2008-6927 1Cpanel 1Cpanel Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp,...Show more Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.Show less
CVE-2008-6843 2Cpanel Netenberg 2Cpanel Fantastico De Luxe Apr 23, 2026 Jul 2, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
CVE-2009-2275 1Cpanel 1Cpanel Apr 23, 2026 Jul 1, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
CVE-2008-2478 1Cpanel 1Cpanel Apr 23, 2026 May 28, 2008 N/A· v4 N/A· v3 8.5 HIGH· v2 scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address fiel...Show more scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel.Show less
CVE-2008-2071 1Cpanel 1Cpanel Apr 23, 2026 May 12, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administra...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.Show less
CVE-2008-2070 1Cpanel 1Cpanel Apr 23, 2026 May 12, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" charact...Show more The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.Show less
CVE-2008-2043 1Cpanel 1Cpanel Apr 23, 2026 May 1, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html,...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.Show less
CVE-2008-1499 1Cpanel 1Cpanel Apr 23, 2026 Mar 25, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-0370 1Cpanel 1Cpanel Apr 23, 2026 Jan 22, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtai...Show more Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.Show less
CVE-2007-4022 1Cpanel 1Cpanel Apr 23, 2026 Jul 26, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
CVE-2007-3367 1Cpanel 1Cpanel Apr 23, 2026 Jun 22, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the...Show more Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2007-3366 1Cpanel 1Cpanel Apr 23, 2026 Jun 22, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the pr...Show more Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2007-0890 1Cpanel 1Webhost Manager Apr 23, 2026 Feb 12, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
CVE-2007-0854 1Cpanel 1Webhost Manager Apr 23, 2026 Feb 8, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is no...Show more Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.Show less

Previous 1...18 192021 22 Next