The socket.io module was vulnerable to cross-site websocker hijacking attack due to the incorrect parsing of http Origin header.
Invalid UTF-8 characters could trigger cPanel to use the Legacy Login page.
Some people asked me about publishing a comparison between x8 and other major tools for parameter discovery: Arjun and Param Miner, so here it is!