95 matches found
GHSA-F98P-9PP6-7Q6C Apache Tomcat Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...
Cpanel 代码问题漏洞
cPanel is a web-based host control management system from cPanel USA. cPanel versions prior to 98.0.1 have an XXE vulnerability in the WHM Locale Upload feature. No detailed vulnerability details are currently available...
cPanel cross-site scripting vulnerability (CNVD-2020-55177)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 90.0.10, which stems from self XSS that allows editing of...
cPanel cross-site scripting vulnerability (CNVD-2020-54779)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 90.0.10, which stems from self XSS that allows the...
CVE-2019-20497
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration SEC-533...
cPanel cross-site scripting vulnerability (CNVD-2019-29012)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in WHM Account Transfer in versions prior to cPanel 68.0.27. The vulnerability stems...
cPanel cross-site scripting vulnerability (CNVD-2019-30470)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the WHM Repair Mailbox Permissions interface in versions prior to cPanel 60.0.25...
CVE-2016-10776
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination SEC-174...
CVE-2017-18457
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs SEC-218...
CVE-2017-18408
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces SEC-282...
CVE-2018-20951
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config SEC-387...
CVE-2016-10827
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences SEC-96...
CVE-2018-20935
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action SEC-412...
CVE-2018-20925
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface SEC-379...
CVE-2018-20921
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action SEC-375...
CVE-2018-20910
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface SEC-357...
CVE-2018-20866
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature SEC-461...
tomcat: CSRF token leak
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to...
tomcat: CSRF token leak
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to...
tomcat: CSRF token leak
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to...