cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
CWE-79
CVE-2018-20911
cPanel before 70.0.23 allows code execution because “.” is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
CVE-2018-20915
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
CVE-2018-20916
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
CVE-2018-20918
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
CVE-2018-20919
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).