cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
CWE-79
CVE-2018-20935
cPanel before 70.0.23 allows stored XSS in via a WHM “Reset a DNS Zone” action (SEC-412).
CVE-2018-20948
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).
CVE-2018-20949
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
CVE-2018-20950
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
CVE-2018-20951
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).