cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
CWE-79
CVE-2018-20962
The BackpackCRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type.
CVE-2018-20899
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
CVE-2018-20900
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
CVE-2018-20901
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
CVE-2018-20903
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).