cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).Referenceshttps://documentation.cpanel.net/display/CL/66+Change+Log
