cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
CWE-79
CVE-2018-20921
cPanel before 70.0.23 allows stored XSS via a WHM “Delete a DNS Zone” action (SEC-375).
CVE-2018-20922
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
CVE-2018-20923
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
CVE-2018-20874
cPanel before 74.0.8 allows self XSS in the WHM “Create a New Account” interface (SEC-428).
CVE-2018-20875
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).