cPanel TSR-2021-0005 Full Disclosure
cPanel has released its Targeted Security Release to address security concerns with the cPanel product. These updates are currently available to all customers via the standard update system.
cPanel has rated this update as having a CVSSv3.1 score of 3.9 to 5.3. For more information on ratings, please visit Encode.pm, it is possible for an attacker to execute arbitrary code as another user on the server.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.98.0.8
11.94.0.16
SEC-596
Summary
Reflected XSS Vulnerability in Legacy Login Page.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Description
Invalid UTF-8 characters could trigger cPanel to use the Legacy Login page. This page did not adequately encode output, which could allow an attacker to inject arbitrary JavaScript code into the rendered page.
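The bug class described above, modelled in Python as an added example (not cPanel's code): a primary renderer that rejects invalid UTF-8, and a fallback renderer shown without and with output encoding. The function names, the message text, and the use of a decode error as the fallback trigger are assumptions made for illustration.

```python
import html

# All names below are hypothetical; this models the bug class, not cPanel's implementation.

def render_modern(user: bytes) -> str:
    # Primary path: strict decoding, HTML-escaped output.
    name = user.decode("utf-8")  # raises UnicodeDecodeError on invalid bytes
    return f"<p>Login failed for {html.escape(name)}</p>"

def render_legacy_unsafe(user: bytes) -> str:
    # Fallback path with the flaw: tolerant decoding, output not encoded.
    name = user.decode("latin-1")
    return "<p>Login failed for " + name + "</p>"

def render_legacy_fixed(user: bytes) -> str:
    # Fallback path hardened: invalid bytes become U+FFFD and the
    # value is HTML-escaped exactly as on the primary path.
    name = user.decode("utf-8", errors="replace")
    return f"<p>Login failed for {html.escape(name, quote=True)}</p>"

def login_page(user: bytes, legacy) -> str:
    # Invalid UTF-8 diverts the request to the legacy renderer
    # (assumed trigger mechanism).
    try:
        return render_modern(user)
    except UnicodeDecodeError:
        return legacy(user)

# Constructed sample input: one invalid UTF-8 byte followed by markup.
SAMPLE = b"\xff<script>alert(1)</script>"

if __name__ == "__main__":
    print(login_page(SAMPLE, render_legacy_unsafe))  # markup reflected as-is
    print(login_page(SAMPLE, render_legacy_fixed))   # markup rendered inert
```

The same input is safe on the primary path and unsafe only on the fallback, which is why fallback and error renderers need the same output-encoding checks as the main template.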
Credits
This issue was discovered by Sh1yo.
Solution
This issue is resolved in the following builds:
11.98.0.8
11.94.0.16
Additional Information
For the latest information on cPanel & WHM releases, please visit our documentation.
For the PGP-Signed message please see