Cpanel Webhost Manager vulnerabilities
4 known vulnerabilities affecting cpanel/webhost_manager.
Total CVEs
4
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
MEDIUM3LOW1
Vulnerabilities
Page 1 of 1
CVE-2012-6448P4MEDIUMCVSS 6.1PoCv11.34.02020-01-27
CVE-2012-6448 [MEDIUM] CWE-79 CVE-2012-6448: Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2006-6198P4MEDIUMCVSS 6.0PoCv3.1.02006-12-01
CVE-2006-6198 [MEDIUM] CVE-2006-6198: Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remo
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (
nvd
CVE-2007-0890P4MEDIUMCVSS 4.3PoCv5.0v5.3+22 more2007-02-12
CVE-2007-0890 [MEDIUM] CVE-2007-0890: Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0
Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
nvd
CVE-2006-6548P4LOWCVSS 3.5v3.1.02006-12-14
CVE-2006-6548 [LOW] CVE-2006-6548: Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remo
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.
nvd