Vulmon
hestiacp control panel vulnerabilities and exploits
6.5
CVSSv3
CVE-2020-10966
In the Password Reset Module in VESTA Control Panel up to and including 0.9.8-25 and Hestia Control Panel prior to 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Hestiacp Control Panel
Vestacp Control Panel
6.1
CVSSv3
CVE-2023-3479
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp before 1.7.8.
Hestiacp Control Panel
7.2
CVSSv3
CVE-2022-2626
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp before 1.6.6.
Hestiacp Control Panel
8.8
CVSSv3
CVE-2022-1509
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp before 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
Hestiacp Control Panel
8.8
CVSSv3
CVE-2022-2636
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp before 1.6.6.
Hestiacp Control Panel
8.8
CVSSv3
CVE-2022-2550
OS Command Injection in GitHub repository hestiacp/hestiacp before 1.6.5.
Hestiacp Control Panel
6.1
CVSSv3
CVE-2022-0838
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp before 1.5.10.
Hestiacp Control Panel
6.1
CVSSv3
CVE-2022-0986
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp before 1.5.11.
Hestiacp Control Panel
7.8
CVSSv3
CVE-2023-5839
Privilege Chaining in GitHub repository hestiacp/hestiacp before 1.8.9.
Hestiacp Control Panel
5.4
CVSSv3
CVE-2021-27231
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.
Hestiacp Control Panel