Exploit for Missing Authentication for Critical Function in Cpanel

cPanelSniper CVE-2026-41940 — c...

Exploit for CVE-2026-41940

cPanel/WHM Auth Bypass Scanner & Exploit Tool A Go command-li...

EUVD-2026-26246

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...

UBUNTU-CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

CVE-2020-26113

cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces SEC-569...

cPanel cross-site scripting vulnerability (CNVD-2019-29020)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in WHM Edit System Mail Preferences in versions prior to cPanel 55.9999.141. The vulnerability...

CVE-2017-18418

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations SEC-265...

CVE-2018-20952

cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor SEC-388...

CVE-2016-10853

cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface SEC-86...

cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/21498/info Web Hosting Manager is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary scri...

cPanel - 'detailbw.html' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/57060/info cPanel and WHM are prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/21498/info Web Hosting Manager is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of ...

cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities

cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21498/info Web Hosting Manager is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may...

[Full-disclosure] Re: cPanel Multiple Cross Site Scripting Vulnerability

One more to ur list http://localhost:2095/dowebmailforward.cgi?fwd=3Cscript3Ealert28document.cookie293B3C2Fscript3E&action=Add+Forwarder Sumit On 2/4/06, Hamish Stanaway [email protected] wrote: Hi there, Thank you for finding this vulnerability in a widely used software. I was wondering i...

[Full-disclosure] cPanel Multiple Cross Site Scripting Vulnerability

Title: cPanel Multiple Cross Site Scripting Author: Simo Ben youssef aka 6mOHaCk simoatmorxorg Discovered: 22 january 2005 Published: 02 february 2006 MorX Security Research Team http://www.morx.org Service: Web Hosting Manager Vendor: cPanel Vulnerability: Cross Site Scripting / Cookie-Theft /...