WHM/cPanel is prone to cross-site scripting vulnerability because it fails to properly sanitize users inputs and datastore files.

Type: XSS
Product: cPanel
Website: http://www.cpanel.net
Vulnerable Version: WHM 11.40 and prior.
Date: 11/11/2013
By: Prajith P <http://prajith.in>

Vendor Contact Timeline:

2013-111-11: 3:37 AM IST Vendor contacted via email.

2013-111-11: 7:44 AM IST - Vendor confirmed vulnerability. and filed security report(case number 82701).