CVE-2016-10776

cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
Source: NIST
CVE-2016-10776