cPanel 11.25 is vulnerable to an XSS exploit as it fails to clean user-supplied input.
All versions prior to 47010 are affected. Please note that whilst this vulnerability is patched in version 47010, 47010 is currently on the bleeding-edge and isn't recommended for the stable environment.
Successful exploitation can result in user credentials being taken and being used to gain escalated privileges.
References: http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=50