cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).Referenceshttps://documentation.cpanel.net/display/CL/62+Change+Log
