cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
CWE-79
CVE-2018-20877
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
CVE-2018-20878
cPanel before 74.0.8 allows stored XSS in WHM “File and Directory Restoration” interface (SEC-441).
CVE-2018-20881
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
CVE-2018-20884
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
CVE-2018-20838
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.