Vulmon
hestiacp control panel vulnerabilities and exploits
4.3
CVSSv2
CVE-2020-10966
In the Password Reset Module in VESTA Control Panel up to and including 0.9.8-25 and Hestia Control Panel prior to 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Hestiacp Control Panel
Vestacp Control Panel
NA
CVE-2023-5839
Privilege Chaining in GitHub repository hestiacp/hestiacp before 1.8.9.
Hestiacp Control Panel
NA
CVE-2022-2550
OS Command Injection in GitHub repository hestiacp/hestiacp before 1.6.5.
Hestiacp Control Panel
4.3
CVSSv2
CVE-2022-0753
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp before 1.5.9.
Hestiacp Control Panel
5.5
CVSSv2
CVE-2021-27231
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.
Hestiacp Control Panel
7.5
CVSSv2
CVE-2021-3797
hestiacp is vulnerable to Use of Wrong Operator in String Comparison.
Hestiacp Control Panel
9
CVSSv2
CVE-2022-1509
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp before 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
Hestiacp Control Panel
4.3
CVSSv2
CVE-2022-0752
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp before 1.5.9.
Hestiacp Control Panel
4.3
CVSSv2
CVE-2022-0838
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp before 1.5.10.
Hestiacp Control Panel
4.3
CVSSv2
CVE-2022-0986
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp before 1.5.11.
Hestiacp Control Panel